MCTS.Windows.7.Configuration.Study.Guide.(70-680)

Windows 7 Configuring 70-680 Exam Study Guide
MediaWorks Publishing

INDEX

ABOUT THE AUTHOR
ACKNOWLEDGEMENTS
INTRODUCTION
ASSESS YOURSELF – PRETEST
  FORTY QUESTIONS TO SEE WHAT YOU KNOW ABOUT WINDOWS 7
CHAPTER 1 – UPGRADE PATHS, REQUIREMENTS AND MIGRATION STRATEGIES
  WINDOWS 7 EDITIONS
    Windows 7 Starter
    Windows 7 Home Basic
    Windows 7 Home Premium
    Windows 7 Professional
    Windows 7 Enterprise
    Windows 7 Ultimate
  UPGRADE PATHS
    Upgrading from Windows Vista to Windows 7
    Upgrading from Windows 7 M3, RC, and Beta to Windows 7 RTM
  IMPROVEMENTS OVER VISTA
    Improved security
    New improvements for IT administrators
    AppLocker
    Multiple Active Firewall Policies
    DirectAccess
    Improved Windows Search
    Upgraded Windows Recovery Environment
    AeroSnap Desktop Feature
    AeroPeek Desktop Feature
    Improved Backup Utility
    Windows XP Mode and Windows Virtual PC
  SPEED, LOWER RESOURCE UTILIZATION AND INVISIBLE OPEN WINDOWS
  MINIMUM HARDWARE REQUIREMENTS
  DRIVER AND HARDWARE SUPPORT
  WINDOWS 7 32-BIT VS. 64-BIT
CHAPTER 2 - INSTALLING WINDOWS 7
  WINDOWS PREINSTALLATION ENVIRONMENT (WINDOWS PE)
  WINDOWS PE TOOLS
    BCDBOOT
    BCDEDIT
    BOOTSECT
    Deployment Image Servicing and Management
    DISKPART
    DRVLOAD
    OSCDIMG
    WINPESHI
    WPEINIT
    WPEUTIL
  SCANSTATE MIGRATION TOOL
    Hard-Link Migration Store:
    Running ScanState
    Offline Windows Images
    Volume Shadow Copy Support
    Configurable File Errors
    Usmtutils.exe
    Local Group Migration
    Using ScanState
  UPGRADE TO WINDOWS 7 UPGRADE OPTION FROM XP
  UPGRADE TO WINDOWS 7 UPGRADE OPTION FROM VISTA
  USING WINDOWS EASY TRANSFER
  CONFIGURING A VIRTUAL HARD DISK (VHD)
    Installing a VHD-Boot Machine
    Creating a VHD
CHAPTER 3 – SECURITY AND NETWORKING
  SYSTEM AND SECURITY
    Action Center
    Windows Firewall Configuration and Options
  OUTBOUND RULES
  NEW CONNECTION SECURITY RULE WIZARD
  FIREWALL MONITORING
    Domain, Private, and Public Profile tabs
    IPsec Settings Tab
    Change Notification Settings
  TROUBLESHOOT PROBLEMS MENU
  CONFIGURING NETWORK CONNECTIONS
CHAPTER 4 CONTROL PANEL – USER ACCOUNTS AND PROFILES
  ADVANCED SHARING SETTINGS
  LINKING YOUR ONLINE ID’S
  JOINING A DOMAIN
  PERSONALIZATION
    Setting Backgrounds
    Setting Colors and Appearance
    Sound Settings
    Configuring Screen Saver Settings
    Configuring Desktop Icons
    Changing the Mouse Pointer Properties
    Change Your Profile Picture
    Change Your Display Settings
  CUSTOMIZING DEFAULT USER PROFILES
  COPY A USER PROFILE TO A NETWORK DEFAULT USER PROFILE
CHAPTER 5 - SUPER BAR (TASK BAR)
  CUSTOMIZING THE SUPERBAR PROPERTIES
  SHOW DESKTOP BUTTON
  USING THE SUPERBAR CUSTOMIZE FEATURE
  WINDOWS AERO OVERVIEW
    Aero Peek Feature
    Aero Snap Feature
    Aero Shake Feature
    Aero Glass Feature
  TROUBLESHOOTING WINDOWS AERO
  OTHER SUPERBAR FEATURES AND CUSTOMIZATIONS
    Group Policy Editor Customizations
  APPLICATION PROGRESS BARS
  PIN AND UNPIN APPLICATIONS TO THE SUPERBAR
  CUSTOMIZING THE SUPERBAR WITH THE TASKBAR AND START MENU PROPERTIES TASKBAR TAB
  WINDOWS KEY SHORTCUTS
CHAPTER 6 – FILE SECURITY AND ENCRYPTION
  APPLOCKER
  USER ACCESS CONTROL (UAC)
  BITLOCKER
    Encrypting Your Thumb Drive
  SETTING UP YOUR HOMEGROUP
  ENCRYPTING NTFS USING THE CIPHER TOOL
CHAPTER 7 – MAINTAINING WINDOWS 7
  SYSTEM SECURITY WITH WINDOWS UPDATES
    Sidebar: What if an update gives me trouble?
  DEFRAGMENTING DISKS
    Running Disk Defragmenter
  WINDOWS CHECK DISK (CHKDSK) AND (CHKNTFS)
    CHKDSK
    CHKNTFS
  DISK CLEANUP
  REMOTE ASSISTANCE
    How to Create a Remote Assistance Sessions
    Sidebar: Record Problems
  POWERSHELL
CHAPTER 8 - WINDOWS BACKUP
  CONFIGURING A BACKUP
  CREATE SYSTEM IMAGE
  BACKING UP THE REGISTRY
  CREATE A SYSTEM RECOVERY DISC
CHAPTER 9 – OTHER NEW WINDOWS 7 FEATURES
  FEDERATED SEARCH
  SNIP TOOL
  STICKY NOTES
  PERSONAL CHARACTER EDITOR
  JUMP LISTS
  READYBOOST
  BRANCH CACHE
    Configure Branch Cache Server
    Configure BranchCache Server
    BranchCache Client Configuration
  INTERNET EXPLORER 8
    Quick Tabs
    Improved Search
    InPrivate Browsing
CHAPTER 10 – DEVICES AND PRINTERS
  INSTALLING A PRINTER OR DEVICE
  PRINTER PROPERTIES
CHAPTER 11 – WINDOWS 7 GAMES
  INSTALLING GAMES ON WINDOWS 7
  INTERNET GAMES
    Internet Backgammon
    Internet Checkers
    Internet Spades
  BOARD GAMES
    Chess Titans
    Minesweeper
    Mahjong Titans
  CARD GAMES
    FreeCell Game
    Hearts Game
    Solitaire Game
    Spider Solitaire Game
  CHILDREN'S GAMES
    Figure 11.19 Comfy Cakes
    Comfy Cakes
    Purble Shop
    Purble Pairs
  MORE GAMES!
CHAPTER 12 - WINDOWS MEDIA PLAYER
  LIBRARIES
  WINDOWS MEDIA PLAYER PRIVACY SETTINGS
CHAPTER 13 - COMPUTER MANAGEMENT
  SCHEDULE A TASK
  EVENT VIEWER
    Administrative Events
    Security-related events
  LOCAL USERS AND GROUPS
  PERFORMANCE MONITOR
  DEVICE MANAGER
  DISK MANAGEMENT
    Shrink Volume
    Creating A Partition or Volume
    Extend Volume
    Delete Volume
    Change Drive Letter
  ADMINISTRATIVE TOOLS
    Component Services
    Computer Management
    Data Sources (ODBC)
    Event Viewer
    iSCSI Initiator
    Local Security Policy
    Performance Monitor
    Print Management
    Services
    System Configuration
    Task Scheduler
    Windows Firewall with Advanced Security
  FORMATTING YOUR VOLUME
    FAT16
    FAT32
    NTFS
    Sidebar: Drawbacks of FAT
    exFAT
  DIRECTACCESS OVERVIEW
CHAPTER 14-IPV4 AND IP6
    Broadcast Domains
  SUBNETS
    Subnet Mask Role
  IP VERSION 6
    Anycast
    Address Dissection
    Prefix
    Configuring an IPv6 Address
CHAPTER 15-OUTLOOK EXPRESS WHERE ARE YOU?
  CONFIGURING MICROSOFT OUTLOOK FOR EMAIL
    POP Yahoo! Mail Plus with Microsoft for Outlook 2007
    Configuring Microsoft Outlook ’98-2007
    Schedule an appointment as shown in figure 15.3
    Schedule a recurring appointment
    Schedule a meeting
    Schedule a recurring meeting
    Create an event
    About archive and AutoArchive
    Archive items manually
    Turn on AutoArchive
    Set AutoArchive properties for a folder
    Delete old items automatically
    Delete expired e-mail messages when archiving
    Add a Personal Address Book to a user profile
    Create a personal distribution list
    Add a name to a personal distribution list
    Remove a name from a personal distribution list
    Delete a personal distribution list
    Create a folder for items
    Move a folder
    Delete a folder
    Give permission to others to access my folders
    Set sharing permissions for a folder
    Set sharing permissions for a delegate
    Change sharing permissions for a delegate
    Contacts
    Import a contact list or a file
    Import a Personal Address Book
    Sending email from “Contacts”
  TROUBLESHOOTING OUTLOOK
    Why can't I see my contacts?
    My contacts don't sort in the order I expect
    When I look up a contact, I get an error message
    I can't find a contact in the Address Book
CHAPTER 16 – NETSH COMMAND
  COMMANDS FOR WIRED INTERFACE
  CONFIGURING IPV6 IN USING NETSH
ASSESS YOURSELF – ARE YOU READY FOR THE EXAM?
ASSESS YOURSELF ANSWERS-PRETEST
ASSESS YOURSELF ANSWERS - ARE YOU READY FOR THE EXAM?
GLOSSARY
OTHER TITLES FROM MEDIAWORKS PUBLISHING

Introduction

This book is for anyone planning to install, configure, or use Windows 7 and pass the Windows 7, Configure exam (70-680). It is easily understood and in a step by step format with over 300 screenshots, figures, and tables. It is recommended for readers from a beginner’s level all the way to a network administrator with advanced experience with previous Windows versions. If you have never made custom modifications to a Windows operating system nor have experience with modifying a registry, you should have no problems understanding this book.

Now that we have gotten that out of the way, let’s get down to how this book is constructed. Windows 7 is Microsoft’s newest operating system. There are many changes and if you are used to Microsoft XP (Not in Classic Mode) and have graduated to Vista, you will find the stepping stones to this operating system much easier. However, if you are making the jump from Windows 2000 or Windows XP in Classic Mode, some of the changes will be a difficult adjustment.

We make this book pretty easy to understand for just about everyone. We have taken the time to really understand each picture and what you are looking at. When there are multiple icons on the screen, we describe what you are looking at, and give you pointers as shown below in figure I.1, showing the alerts flag on the new Superbar.

Each screenshot or picture is labeled with a description and a callout to the picture, such as this one in figure I.1 (Introduction.Picture Number).

Figure I.1

And also here in this example, where the item we are describing is highlighted, in figure I.2.

Figure I.2

Occasionally, a screen is really cluttered and so we will point out all the significant factors of that screen as shown in figure I.3.

Figure I.3

Once we get past the installation portion in chapter 1, we will start with how the basic features are used and configured. Then we will talk about more technical aspects and how to use and configure those.
There are actually thousands of customizations you can configure. This book only scratches the surface of the features most likely used in business.

The Windows 7 operating system (OS) is packed with new features, especially in the Enterprise and Ultimate versions, such as:

• DirectAccess: Gives mobile users seamless access to corporate networks without a need to VPN.
• BranchCache: Decreases the time branch office users spend waiting to download files across the network.
• Federated Search: Find information in remote repositories, including SharePoint sites, and many others with a new simple user interface.
• BitLocker and BitLocker To Go: Helps to protect data on PCs and removable drives, with manageability to enforce encryption and backup of recovery keys.
• AppLocker: Specifies what software is allowed to run on a user's PCs through centrally managed but flexible Group Policies.
• Virtual desktop infrastructure (VDI) optimizations: Gives the user the ability to reuse virtual hard drive (VHD) images to boot a physical PC.
• Disk Imaging: Allows you to create a single OS image for deployment to users worldwide.

These are all available in the Ultimate and Enterprise versions of the software and will be discussed later in this book. But not all the features in this book are in every version.

In the next chapter let’s take a look at what features are available in each version, the upgrade path for legacy operating systems, and a brief description of some of the new major features of Windows 7.

Assess Yourself – Pretest

Forty Questions to See What You Know About Windows 7

See Assess Yourself Answers—Pretest, right after the last chapter of this book on page 345 for the answers to this assessment.

Question 1
A user wants to install the games included with Windows 7 on his PC. They were not installed by default. Windows components can be added or removed using which of the following in Windows 7?
A. Click the Start Bar, Control Panel, Add/Remove Programs, and click Windows Components.
B. Click the Start Bar, Control Panel, Programs, then click Turn Windows features on or off.
C. Click the Start Bar, Settings, Windows Control Center.
D. Right click the “My Computer” icon, Choose Properties, Choose Computer Management, on the left pane choose Add/Remove Windows Components.
Answer: _________

Question 2
There is an Active Directory domain and a DirectAccess infrastructure already configured in your network. Windows 7 is installed on a new laptop and you have joined the computer to the domain. You have to make sure that the computer can establish DirectAccess connections. Which of the following should be performed?
A. A Network Discovery firewall exception should be enabled.
B. Add the users to the Remote Operators group.
C. A new VPN network connection should be created.
D. Install a valid computer certificate.
Answer: _________

Question 3
You are installing Windows 7 from the desktop of a Windows XP Professional PC. Which of the following can be performed from the Windows 7 DVD?
A. Run setup.exe from the DVD to start the Windows 7 installation.
B. Use the autorun feature on the DVD to start the installation.
C. Perform a full installation of Windows 7.
D. Perform an upgrade of Windows 7 keeping all the Windows XP settings.
E. All of the above
Answer: _________

Question 4
You use a laptop named Laptop1 which runs Windows 7. There is a Windows 2008 R2 server named Server1 that contains a shared folder named Data. You need to configure Laptop1 to cache and encrypt the files from the Data share so they can be used when Laptop1 is not connected to the network. You want the files in the Data share to automatically sync each time Laptop1 connects to the network. Which action should be performed?
A. On Server1, the files should be encrypted on the Data share. Copy the data to a folder on Laptop1.
B. Copy the files from the Data share to the Documents library and turn on BitLocker To Go Drive Encryption.
C. You should make the Data share available offline and enable encryption of offline files on Laptop1.
D. BitLocker Drive Encryption should be configured on Server1. You should make Data share available offline on all computers in the network.
Answer: _________

Question 5
Federated Search connectors are installed using what method?
A. Purchase the Federated Search Installation Tool Pack online and buying individual search connectors from websites.
B. Download an .osdx file from a valid source. Double click on the downloaded file and choose Add to install.
C. Go to Microsoft’s website. Only vendors who have signed up with the Microsoft Federated Search Tool Writers Guild can participate.
D. Go to Amazon.com and download the Shared Resource Kit for Federated Searches.
Answer: _________

Question 6
You have two computers named Laptop1 and Computer2. Windows Vista is run on Laptop1. Windows 7 is run on Computer2. You are tasked with migrating all the users' files and profiles from Laptop1 to Computer2. Which command would be used to identify how much space is required to complete the migration?
A. Run Windows Easy Migrate and press test the C: drive on Laptop1.
B. dsmigrate \\Laptop1\store /nocompress /p should be run on Computer2.
C. loadstate \\Laptop1\store /nocompress should be run on Computer2.
D. scanstate c:\store /nocompress /p should be run on Laptop1.
Answer: _________

Question 7
Which of the following is not a volume type usable by Windows 7?
A. FAT
B. FAT32
C. exFAT
D. NTFS
E. All of the above are volume types in Windows 7.
Answer: _________

Question 8
You have a workgroup which contains seven computers running Windows 7 Professional. A computer named Computer1 has MP4 files to share. What should Computer1 do to share the files?
A. Connect a removable drive and enable BitLocker To Go.
B. Create a Homegroup with a shared password.
C. All BranchCache rules should be enabled in Windows Firewall.
D. The files should be moved to a Media Library.
Answer: _________

Question 9
The Aero Shake feature will work if which of the following conditions are met?
A. A display adapter compatible with WDDM is installed.
B. Aero features are downloaded from Microsoft.
C. The Windows Experience Index is at least 2.
D. The Windows Experience Index is 3 or greater.
Answer: _________

Question 10
You are called in to assist a company called MediaWorks because you are experienced at installing, upgrading, migrating and deploying Windows 7. You manage a computer that runs Windows 7. You are tasked to identify which applications were installed during the last week. What Windows component would you use to find this information?
A. Check the Windows System Change Log in the Control Panel.
B. View the events in the Applications Log under Windows Logs in the System and Security component section of the Control Panel.
C. Check Add/Remove Programs Log in the Control Panel, Programs section.
D. Check the Windows System Diagnostics Report under the Performance Monitor MMC.
E. The informational events should be reviewed from Reliability Monitor.
Answer: _________

Question 11
Which of the following steps will keep a Microsoft Word shortcut icon on the Taskbar after the next reboot?
A. Copy and paste a Microsoft Word icon to the Taskbar.
B. Right click on the Microsoft Word icon and choose, “Staple to Superbar”.
C. Drag the Microsoft Word shortcut icon to the Taskbar.
D. Open Microsoft Word. While the icon is on the Taskbar, right click the icon and choose, “Pin this program to taskbar”.
Answer: _________

Question 12
You have a computer that runs Windows 7. You open the Disk Management in the Computer Management MMC. You need to make sure that you are able to create a new partition on Disk 0 but the space is used. Which of the following would allow you to make another partition on Disk 0, as shown in the figure above?
A. Create a Virtual Hard Disk (VHD) and assign as Disk 0. Change Disk 0 to Disk 3.
B. In order to make sure of this, volume C should be compressed.
C. In order to make sure of this, Disk 0 should be converted into a dynamic disk.
D. Shrink volume C to make space for another volume.
Answer: _________

Question 13
All the games including Titan Chess come with which versions of Windows 7?
A. Windows Home Edition
B. Windows Professional Edition
C. Windows Ultimate Edition
D. Windows Enterprise Edition
Answer: _________

Question 14
There is an Active Directory domain in your network. There are two computers which have already joined the domain named Computer1 and Computer2 running Windows 7 Professional. From Computer1, you can recover all Encrypting File System (EFS) encrypted files for users in the domain. You have to make sure that you can recover all EFS encrypted files from Computer2. What action should you perform?
A. Use the Cipher.exe /wc:\. Then take the certificate and place it on Computer2 to be able to read the encrypted files.
B. Use AppLocker to create a data recovery certificate on Computer1 and copy the certificate to Computer2.
C. Export the data using the new Windows 7 EFS Recovery tool using the /export syntax on Computer1 and using the /target syntax for Computer2.
D. Export the Data Recovery Agent Certificate on Computer1 to Computer2.
Answer: _________

Question 15
Which of the following Windows 7 Editions allows you to join an Active Directory domain?
A. Windows Home Edition
B. Windows Professional Edition
C. Windows Ultimate Edition
D. Windows Enterprise Edition
Answer: _________

Question 16
Which of the following is not a minimum requirement to install Windows 7?
A. 1 GHz or faster 32-bit (x86) or a 64-bit (x64) processor
B. 4GB RAM (32-bit)/2 GB RAM (64-bit)
C. 16 GB available disk space (32-bit)/20 GB (64-bit)
D. DirectX 9 graphics processor with WDDM 1.0 or higher driver.

Answer: _________

Question 17

Which of the following is not a rating for games in Windows 7?

A. General Audience (G)
B. Everyone (E)
C. Teen (T)
D. Mature (M)
E. Adults Only (AO)

Answer: _________

Question 18

What tool can be used to verify that device drivers installed on a Windows 7 computer are digitally signed?

A. cipher.exe
B. There is no tool to perform this procedure on all device drivers.
C. Use Device Manager and choose the Digital Verification Tool.
D. Sigverif.exe

Answer: _________

Question 19

In Windows 7 you can control when users such as kids can log in to Windows 7. Which of the following best describes where to configure this option?

A. You cannot choose this feature unless you are connected to a domain.
B. Go to the Start, Control Panel, User Accounts and Family Safety, Setup Parental Controls, and then choose Time Restrictions.
C. Go to Start, Control Panel, User Profiles, and then Time Restriction Settings.
D. Go to the Homegroup settings and choose Offline Time Settings.

Answer: _________

Question 20

How do you change file associations in Windows 7?

A. Open the Control Panel, Open Programs, then choose Default Programs and then click Set Associations.
B. Open My Computer, Choose Tools, Options, and choose the Associations Tab.
C. Right click on the desktop, choose Manage. In Computer Management choose File Settings in the left pane. In the right pane you can choose the setting to change.
D. Open Computer Configuration and then click Software Settings from the local Group Policy.

Answer: _________

Question 21

Which of the following best describes how the user is alerted with information system and configuration alerts?

A. A popup occurs and the Windows 7 desktop contrast is dimmed. Until you acknowledge the alert the screen will not move.
B. If Aero is installed the shaking alert flag appears in the index bar of every open window.
C. A flag in the taskbar with a red “x” indicates there is a problem needing attention.
D. All of the above

Answer: _________

Question 22

If you have a router in the network you’re connected to and the Default Gateway is set to 192.168.1.1 and the subnet mask is 255.255.255.0, which of the following are useable IP addresses on that network?

A. 192.168.1.1
B. 192.168.1.300
C. 192.168.1.30
D. 192.168.2.10

Answer: _________

Question 23

You have a dual boot PC running both Vista and Windows 7 on partitions on the computer. Which file would you edit to force the PC to boot Vista by default?

A. boot.ini
B. ntfsboot.cfg
C. bcdedit.exe
D. system.cfg

Answer: _________

Question 24

To establish a DirectAccess connection to the network, what is the first requirement?

A. Install a certificate
B. Create a VPN connection
C. A static IPv4 address
D. A static IPv6 address

Answer: _________

Question 25

Which of the following is true of Windows 7?

A. MailCentral is included as the new default mail client with Windows 7.
B. Outlook Express is included with Windows 7.
C. Microsoft Outlook is included with Windows 7.
D. There is no preinstalled mail client included with Windows 7.

Answer: _________

Question 26

How do you export the user state and settings to another PC when using a custom application?

A. Use the scanstate tool with the /userprof syntax.
B. The migapp.xml file should be modified. Then scanstate should be run and the /i syntax should be specified.
C. Just copy the profile using the Easy Transfer Wizard.
D. Loadstate.exe should be run and the /config syntax should be used.

Answer: _________

Question 27

To audit the usage of other users on a shared folder on your Windows 7 computer, which of the following actions should be taken?

A. Configure the Audit object access setting in the local Group Policy.
B. Right click on the folder being shared and choose the Audit directory service Access setting.
C. In the Event Viewer, right click on the System Log. Choose Properties and select all the options for logging including folder access.
D. Modify the properties of the Security log from the Event Viewer.

Answer: _________

Question 28

You are in charge of a computer that runs Windows 7. You find that an application named Google Desktop runs during the startup process. You have to prevent only Google Desktop from running during the startup process. Users must be allowed to run Google Desktop manually however. What is the proper way to configure this without using third party tools?

A. The msconfig.exe tool should be modified.
B. The application control policy should be modified from the local Group Policy.
C. The software boot policy should be modified from the local Group Policy.
D. The Startup applications in the System Configuration tool should be modified.

Answer: _________

Question 29

You have a Virtual Hard Disk (VHD) with Windows 7 installed and a computer running Windows 7 Ultimate. Which procedure of the following would allow you to boot the Windows 7 PC from the VHD?

A. Run bcdedit.exe and modify the Windows Boot Manager.
B. Select vdisk should be run from Diskpart.exe.
C. Modify the BIOS to boot from an ISO.
D. Press F12 at startup and wait for the option to press any key to start from a VHD.

Answer: _________

Question 30

You use Windows Preinstallation Environment (Windows PE) to start a computer. Which Windows PE utility would you use to dynamically load a network adapter device driver?

A. bcedit.exe
B. winrm.exe
C. drvload.exe
D. cipher.exe

Answer: _________

Question 31

Which of the following is used to control when the security pop-up notifications are used?

A. Security Control Manager
B. User Account Control
C. User Access Control Panel
D. Notification Control Settings Manager

Answer: _________

Question 32

Which of the following is not a Windows PE tool?

A. Diskpart
B. Drvload
C. Oscdimg
D. Winpeshl
E. None of the above.

Answer: _________

Question 33

A Windows 7 laptop connects to a wireless network at your office. On the wireless access point, you disable Service Set Identifier (SSID) broadcasts. Suddenly, you discover that the laptop is unable to connect to the wireless access point. Which of the following should be modified to allow the laptop to connect to the wireless network?

A. The Windows credentials should be modified from Credential Manager.
B. The wireless network connection setting should be modified from Network and Sharing Center.
C. The generic credentials should be modified from Credential Manager.
D. Network discovery should be turned on from Network and Sharing Center.

Answer: _________

Question 34

Which of the following can be used to increase the physical memory on your Windows 7 PC and increase the speed?

A. PhysiRAM
B. Aero Glass
C. DirectAccess
D. ReadyBoost

Answer: _________

Question 35

A USB external drive is attached to a Windows 7 Professional computer. You want to enable BitLocker To Go on the USB disk. Which of the following must be done?

A. In order to make sure of this, obtain a client certificate from an enterprise certification authority (CA).
B. You must install the Encrypting File System (EFS) from the Add/Remove Windows Components.
C. In order to make sure of this, the computer should be upgraded to Windows 7 Ultimate or Windows 7 Enterprise.
D. You need to download BitLocker To Go from Microsoft’s website.

Answer: _________

Question 36

Which of the following Windows 7 utilities was used to create the output in the above figure?

A. MemManager.exe
B. SysPrep.exe
C. Cipher.exe
D. Performance Monitor

Answer: _________

Question 37

You need to configure a Windows Ultimate PC to download updates from a local Windows Server Update Services (WSUS) server. What action should you perform to achieve this?

A. In order to achieve this, the System Protection settings should be modified from the System settings.
B. In order to achieve this, the Windows Update settings should be modified from the local Group Policy.
C. In order to achieve this, the Windows Update settings should be modified from Windows Update.
D. In order to achieve this, the Location and Sensors settings should be modified from the local Group Policy.

Answer: _________

Question 38

What is the easiest way to identify a dynamic IPv6 address on a Windows 7 PC?

A. Click Properties from network connection properties.
B. Click Details from the network connection status.
C. netconfig
D. netstat

Answer: _________

Question 39

If you plan to use an automated install of Windows 7, what file is required to create an automated installation of Windows 7?

A. An answer file named sysprep.inf.
B. An answer file named autounattend.xml.
C. An answer file named oobe.ini
D. An answer file named unattended.ini

Answer: _________

Question 40

What action would you perform to prevent Internet Explorer from saving any data during a browsing session?

A. The security settings for the Internet zone should be disabled.
B. The BranchCache service should be disabled.
C. The InPrivate Blocking list should be disabled.
D. Open an InPrivate Browsing session in IE.

Answer: _________

Chapter 1 – Upgrade Paths, Requirements and Migration Strategies

Windows 7 Starter, Home Basic, Home Premium, Professional, Enterprise and Ultimate, along with the N versions for the European market, each represent a simplification over the equivalent Vista versions that came out in January of 2007.

In Windows 7 each edition is a superset of the one below it. If you upgrade from one edition to the next, you keep all features and functionality from the previous edition. For example, moving from Starter to Ultimate, each edition supersedes the previous one, containing all of its features and adding additional components.

Microsoft is initially focused on the marketing and distribution of Windows 7 Home Premium, Windows 7 Professional, and Windows 7 Ultimate.
Rather than pushing all editions on the market at once, Microsoft is aiming the core editions at specific market segments to try to simplify the choices for consumers.

Alert: One of the biggest mistakes made by those who purchased Vista was that they didn’t realize you could not join an Active Directory domain using any Home Edition, Starter Edition, or Media Center Edition of Vista. The same is true for Windows 7 versions as well.

Although Figure 1.1 on the next page only shows three products, there are actually seven Windows 7 Editions: Starter, Home Basic, Home Premium, Professional, Enterprise and Ultimate.

Windows 7 comparison matrix from Microsoft’s website: http://www.Microsoft.com/windows/windows-7/compareeditions/default.aspx

Figure 1.1 Windows 7 Editions

Windows 7 is designed to run on a very broad set of hardware, from small notebook PCs to full gaming desktops. This way, customers can install the version of Windows 7 they want regardless of the hardware they already have.

Many people have Vista and XP and only want to upgrade to the equivalent version of what they currently have. So let us take a look at the different XP and Vista versions and match them up to the Windows 7 equivalent. We will also look at the availability (how you can obtain that version) and the Windows 7 key features.

Windows 7 Starter

The equivalent of Windows Vista Starter and Windows XP Starter editions.

Availability: Worldwide, however this version is only pre-installed on new PCs by an OEM (original equipment manufacturer).

Features: Superbar (evolved taskbar), Jump Lists, Windows Media Player, Backup and Restore capabilities, Action Center, Device Stage, Play To, Fax and Scan, Games.

Windows 7 key features: Windows Media Center, Live Thumbnail previews, Home Group, users are limited to running only three concurrent applications.

Windows 7 Home Basic

The equivalent of Windows Vista Basic and Windows XP Home Edition.
Availability: Exclusively for emerging markets, only pre-installed on new PCs by an OEM (original equipment manufacturer).

Features: Superbar (evolved taskbar), Jump Lists, Windows Media Player, Backup and Restore capabilities, Action Center, Device Stage, Play To, Fax and Scan, Games.

Windows 7 key features: Aero Glass GUI, Live Thumbnail Previews, Internet Connection Sharing, Windows Media Center.

Windows 7 Home Premium

The equivalent of Windows Vista Home Premium and of Windows XP Media Center.

Availability: Worldwide via mainstream retail resellers and OEM channels.

Windows 7 key features: Aero Glass GUI, Aero Background, Aero Peek, Aero Snap, Live Thumbnail previews, Multi Touch capabilities, Home Group, Windows Media Center, DVD playback and authoring, Premium Games, Mobility Center.

Cut Win 7 key features: Domain join, Remote Desktop host, Advanced Backup, EFS, Offline Folders.

Windows 7 Professional

The equivalent of Windows Vista Business and Windows XP Professional.

Availability: Worldwide via mainstream retail resellers and OEM channels.

Features: Aero Glass GUI, Aero Background, Aero Peek, Aero Snap, Live Thumbnail previews, Multi Touch capabilities, Home Group, Windows Media Center, DVD playback and authoring, Premium Games, Mobility Center, Domain join, Remote Desktop host, Location Aware printing, EFS, Mobility Center, Presentation Mode, Offline Folders.

Windows 7 key features: BitLocker, BitLocker To Go, AppLocker, DirectAccess, BranchCache, MUI language packs, boot from VHD.

Windows 7 Enterprise

The equivalent of Windows Vista Enterprise.

Availability: Worldwide, but only to Microsoft's Software Assurance (SA) customers via Volume Licensing.
Features: Aero Glass GUI, Aero Background, Aero Peek, Aero Snap, Live Thumbnail previews, Multi Touch capabilities, Home Group, Windows Media Center, DVD playback and authoring, Premium Games, Mobility Center, Domain join, Remote Desktop host, Location Aware printing, EFS, Mobility Center, Presentation Mode, Offline Folders, BitLocker, BitLocker To Go, AppLocker, DirectAccess, BranchCache, MUI language packs, boot from VHD.

Windows 7 key features: Windows 7 Enterprise contains all the features offered with the next version of the Windows client.

Windows 7 Ultimate

The equivalent of Windows Vista Ultimate.

Availability: Worldwide via mainstream retail and OEM channels.

Features: Aero Glass GUI, Aero Background, Aero Peek, Aero Snap, Live Thumbnail previews, Multi Touch capabilities, Home Group, Windows Media Center, DVD playback and authoring, Premium Games, Mobility Center, Domain join, Remote Desktop host, Location Aware printing, EFS, Mobility Center, Presentation Mode, Offline Folders, BitLocker, BitLocker To Go, AppLocker, DirectAccess, BranchCache, MUI language packs, boot from VHD.

Windows 7 key features: Windows 7 Ultimate contains all the features offered with the next version of the Windows client.

Upgrade Paths

Unfortunately, because of features and compatibility issues, only a limited number of versions can be used as an upgrade path for newer versions. Attempting to upgrade a 32-bit (x86) operating system to a 64-bit (x64) operating system and vice versa will always require a complete reinstall.

Upgrading from Windows Vista to Windows 7

This is a tough pill to swallow for those who upgraded to Vista right away when it first hit the market. The RTM (Release to Manufacturing) edition of Windows Vista (the one released at the end of January 2007) won't have the option of upgrading to Windows 7. Microsoft's documentation indicates that upgrades to Windows 7 are supported only for Vista Service Pack 1 and SP2 editions.
When it comes down to Vista-to-Windows 7 upgrades, “Cross-architecture in-place upgrades (for example, x86 to x64) are not supported. Cross-language in-place upgrades (for example, en-us to de-de) are not supported. Cross-media type in-place upgrades (for example, Staged to Unstaged or Unstaged to Staged) are also not supported.”

Let us now list all the remaining versions and whether an upgrade is available:

- No upgrade path for Windows Vista Starter (SP1, SP2), not even to Windows 7 Starter.
- Windows Vista Home Basic (SP1, SP2) 32-bit (x86) and 64-bit (x64) can be upgraded to Windows 7 Home Basic, Home Premium and Ultimate 32-bit (x86) and 64-bit (x64).
- Windows Vista Home Premium (SP1, SP2) 32-bit (x86) and 64-bit (x64) can be upgraded to Windows 7 Home Premium and Ultimate 32-bit (x86) and 64-bit (x64).
- Windows Vista Business (SP1, SP2) 32-bit (x86) and 64-bit (x64) can be upgraded to Windows 7 Professional, Enterprise and Ultimate 32-bit (x86) and 64-bit (x64).
- Windows Vista Enterprise (SP1, SP2) 32-bit (x86) and 64-bit (x64) can be upgraded to Windows 7 Enterprise 32-bit (x86) and 64-bit (x64).
- Windows Vista Ultimate (SP1, SP2) 32-bit (x86) and 64-bit (x64) can be upgraded to Windows 7 Ultimate 32-bit (x86) and 64-bit (x64).
- No upgrade path for Windows Vista Home Basic N (SP1, SP2), not even to Windows 7 N or E.
- No upgrade path for Windows Vista Business N (SP1, SP2), not even to Windows 7 N or E.

Upgrading from Windows 7 M3, RC, and Beta to Windows 7 RTM

Here we will look at the upgrade options for Windows 7.
We will include the Beta and Release Candidate versions for those who tested Windows 7 before the official release:

- Windows 7 M3 to Windows 7 Beta in-place upgrade is supported.
- Windows 7 M3 to Windows 7 RC in-place upgrade is NOT supported.
- Windows 7 M3 to Windows 7 RTM in-place upgrade is NOT supported.
- Windows 7 Beta to Windows 7 RC in-place upgrade is supported.
- Windows 7 Beta to Windows 7 RTM in-place upgrade is NOT supported.
- Windows 7 RC to Windows 7 RTM in-place upgrade is supported.

Note: The Beta to RC path is not supported by Microsoft Customer Service and Support.

Special scenario upgrades exist where the user performs a ‘Windows 7’ to ‘Windows 7’ in-place upgrade as a means of repair (for example, upgrading Windows 7 Ultimate to Windows 7 Ultimate). This is called Repair In Place (RIU) and is supported as an upgrade path. This is opposed to a standard upgrade called a Windows Anytime Upgrade (WAU), which is also supported. WAU uses the Transmogrifier platform to transform a lower Windows 7 product to a higher Windows 7 product, for example Windows 7 Starter Edition to Windows 7 Ultimate Edition.

Figure 1.2 shows which legacy Windows products are supported for upgrades using RIU or WAU and comes from the latest matrix provided by Microsoft’s TechNet. (An ‘X’ indicates it is not supported.)

With Windows 7, just as was the case with Windows Vista, Microsoft will offer two special editions of the operating system, the N and K SKUs, because it is obliged to do so by the antitrust authorities in Europe and Korea. In addition to these two editions, because of the objections the European Antitrust Commission had to the Windows – IE bundle, in Europe Microsoft will also make available the E flavor of Windows 7, namely the operating system with the browser stripped out.

Figure 1.3 shows Windows 7 products with a comparison to better Windows 7 products and whether an upgrade path is supported.

Improvements over Vista

The prospect of migrating an entire company to a new operating system is almost always a daunting venture. You'll need to make sure you get a return on the significant investment that you'll make in the product itself and in the staff, time and resources needed to install it and work out the inevitable kinks.

Windows 7 has changed the name, look, feel, features, speed, and even the logos to part ways with Vista because of the bad vibes that still resonate. Windows Vista met with almost immediate critical disapproval when it was released in January 2007.

To be fair, Vista had many improvements over the XP operating system, including better security, file sharing, and search capabilities. But those were largely overshadowed by its shortcomings: constant security pop-ups, excessive use of RAM, an overly aggressive User Account Control (UAC) feature, hardware incompatibility, and more.

Now comes Windows 7, and if the early reviews are any gauge, including my review, Microsoft appears to have ironed out many of the issues that haunted Vista. In fact, some reviewers including myself feel it is the best Microsoft Operating System ever produced.

Improved security

Security is always a big issue with Windows. Witness the flurry of activity and tension that surrounds the typical Patch Tuesday. Windows 7 addresses the issue with a number of security upgrades.

Microsoft has added the BitLocker full-volume encryption feature that came out with Vista. The Windows 7 version still uses a 128-bit or 256-bit AES encryption algorithm, but is now more flexible and simplifies drive encryption by automatically creating hidden boot partitions. As a result, users no longer need to repartition their drives after installation. And where Vista users required a unique recovery key for each protected volume, Windows 7 users only need a single encryption key.
A new feature called “BitLocker To Go” lets users encrypt removable storage devices with a password or a digital certificate.

New improvements for IT administrators

A plethora of new options make life easier for IT professionals, as shown below:

AppLocker
This new feature is a control policy that allows administrators to precisely spell out what applications users can run on their desktops. It can also be used to block unauthorized or unlicensed software and applications.

Multiple Active Firewall Policies
This feature provides a big improvement over Vista, which automatically set firewall policies depending on the type of network connection you chose, such as home, public, or work. Remote Vista users couldn’t connect to multiple networks while on the road, or if someone working from home used a VPN, he or she couldn't apply settings to connect to the corporate network. Windows 7's Multiple Active Firewall Policies allows IT professionals to create multiple sets of rules for remote and desktop employees.

DirectAccess
This feature provides a secure way to manage and update individual PCs remotely. It uses IPv6 and IPSec protocols to create a secure, two-way connection from a remote user's PC to the corporate network. Users benefit by not having to manually set up VPN connections, and IT professionals enjoy the ease of distributing patches and updates whenever remote workers are connected to the network.

Improved Windows Search
This new feature allows for faster, more thorough searches, and also provides IT administrators with better per-user policy oversight and the ability to manage resource utilization by controlling how desktop search accesses network resources. Additional improvements were made to the seek-and-find capabilities with Federated Search, which combines desktop, SharePoint, and Internet search methods and allows users to scan external hard drives, networked PCs, and even remote data sources.
Another new feature enables the user to search for identical copies of files on drives.

Upgraded Windows Recovery Environment
Microsoft introduced this feature in Vista as a replacement for the Recovery Console in Windows XP. The new upgrade allows users to perform a range of system and data recovery functions, including checking for defective memory, repairing boot-level startup issues, returning the system to earlier configurations, and other features we will discuss later in this book.

AeroSnap Desktop Feature
This is a new feature of the Windows desktop. If you pull a window to either edge of the desktop, it automatically resizes the window to half the screen so you can compare two windows side by side.

AeroPeek Desktop Feature
This is another new feature of the Windows desktop. In XP and Vista you had a button to minimize all the windows and see the desktop. The problem was that you then had to maximize, one by one, all the windows you had minimized. The new button to the right of the clock makes all the windows invisible when pushed. You can even click on desktop items and open them. Press the button again and all your open windows come back the way they were before you pressed the button.

Improved Backup Utility
This improved backup utility now gives users control over which folders they want to back up. This was a restriction in Vista, which allowed backups on a per-volume basis only.

Windows XP Mode and Windows Virtual PC
These two new features address issues of incompatibility for applications designed to run on older XP systems. You will learn to configure this later in this book. This shows Microsoft is intent on retiring XP as a supported product in the near future.

Speed, lower resource utilization and invisible open windows

Most users of Windows 7 will tell you that this new operating system uses fewer resources, which makes it faster than its predecessor, Vista.
While that ultimately will depend on each PC's RAM level and processor capabilities, Windows 7 does boot up and shut down faster than Vista or XP, in part because the new OS loads device drivers in parallel as opposed to serially. In addition, the Windows 7 user interface is also less cluttered and the Control Panel and shut down features are less confusing.

And those annoying security pop-ups? Windows 7 adds a slider feature that lets users decide if they want those or not. YAY! It reminds me of the Mac commercials where the secret service agent stands between the PC and the Mac guys and tries to intervene every time the PC tried to talk to the Mac and vice versa. Mac had a field day with those commercials.

The taskbar has been redesigned to resemble the Dock feature in Mac OS X. The new taskbar features a customizable lineup of program icons that users can click on to launch or switch between applications. But Microsoft did one better on the Mac Dock; right-click on an application icon in the taskbar and you get a list of actions associated with it. For example, the Microsoft Word icon will present a list of the most recently opened files, while Firefox will lay out a list of your most visited web sites.

Finally, Aero Peek is a new feature that can be activated by hovering your mouse over a small rectangle on the edge of the taskbar. Your windows all stay open but instantly become transparent, revealing the icons and features of the desktop.

Minimum Hardware Requirements

The hardware requirements for Windows 7 are relatively close to those for Vista. This is an improvement. Speeds of processors and RAM have greatly increased since Vista was released, whereas the requirements have virtually stayed the same.

Windows 7 requirements:

- 1 GHz or faster 32-bit (x86) or a 64-bit (x64) processor
- 1GB RAM (32-bit)/2 GB RAM (64-bit)
- 16 GB available disk space (32-bit)/20 GB (64-bit)
- DirectX 9 graphics processor with WDDM 1.0 or higher driver.
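
One way to test a PC against these minimums before installing, as an added PowerShell example that is not part of the original guide. It assumes PowerShell 2.0 or later on the machine being checked; the function names, parameters and the default C: target volume are illustrative, and the DirectX 9/WDDM requirement is not checked.

```powershell
# Added example (not from the study guide): checks a PC against the minimums listed above.
# Get-WmiObject is used so the script also runs on XP/Vista hosts with PowerShell 2.0.
param(
    [ValidateSet(32, 64)]
    [int]$TargetBits = 32,        # architecture of the Windows 7 media you plan to install
    [string]$TargetDrive = 'C:'   # assumed volume that will receive the installation
)

# Minimums from the requirements list (RAM and disk depend on the target architecture).
$MinCpuMHz = 1000
$MinRamGB  = @{ 32 = 1;  64 = 2 }
$MinDiskGB = @{ 32 = 16; 64 = 20 }

function New-Check($Name, $Actual, $Required, [bool]$Pass) {
    # Select-Object fixes the column order, which a hashtable does not guarantee.
    New-Object PSObject -Property @{
        Check = $Name; Actual = $Actual; Required = $Required; Pass = $Pass
    } | Select-Object Check, Actual, Required, Pass
}

function Test-Win7Minimums {
    param([int]$CpuMHz, [int]$CpuBits, [int]$OsBits,
          [double]$RamGB, [double]$FreeDiskGB, [int]$TargetBits)

    $needRam  = $MinRamGB[$TargetBits]
    $needDisk = $MinDiskGB[$TargetBits]

    New-Check 'CPU clock (MHz)' $CpuMHz $MinCpuMHz ($CpuMHz -ge $MinCpuMHz)
    # A 64-bit install needs a 64-bit capable processor; a 32-bit install runs on either.
    New-Check 'CPU width (bits)' $CpuBits $TargetBits ($CpuBits -ge $TargetBits)
    New-Check 'Installed RAM (GB)' $RamGB $needRam ($RamGB -ge $needRam)
    New-Check 'Free disk space (GB)' $FreeDiskGB $needDisk ($FreeDiskGB -ge $needDisk)
    # Cross-architecture in-place upgrades are not supported: a mismatch between the
    # running OS and the target media means a complete reinstall, not an upgrade.
    New-Check 'Same architecture (in-place upgrade)' $OsBits $TargetBits ($OsBits -eq $TargetBits)
}

# DataWidth is what the processor supports; AddressWidth is what the running OS uses.
$cpu  = Get-WmiObject Win32_Processor | Select-Object -First 1
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$TargetDrive'"

# Sum the installed memory modules. Win32_ComputerSystem.TotalPhysicalMemory leaves out
# hardware-reserved memory, so a 1 GB machine reports slightly under 1 GB there.
$ramBytes = (Get-WmiObject Win32_PhysicalMemory |
             Measure-Object -Property Capacity -Sum).Sum
if (-not $ramBytes) {
    # Some virtual machines expose no memory modules; fall back to the OS-visible total.
    $ramBytes = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory
}

# Rounding to one decimal absorbs the small shortfall of the fallback value.
Test-Win7Minimums -CpuMHz $cpu.MaxClockSpeed -CpuBits $cpu.DataWidth `
    -OsBits $cpu.AddressWidth `
    -RamGB ([math]::Round($ramBytes / 1GB, 1)) `
    -FreeDiskGB ([math]::Round($disk.FreeSpace / 1GB, 1)) `
    -TargetBits $TargetBits | Format-Table -AutoSize
```

Save it as a script and pass -TargetBits 64 to test against the 64-bit minimums; a missing target drive shows up as 0 GB free and fails the disk check.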

Note: Microsoft's free Windows 7 Upgrade Advisor can help you decide if your hardware will work; check it out at: www.Microsoft.com/windows/windows-7/get/upgrade-advisor.aspx.

Driver and hardware support

XP drivers not being compatible with Vista was an issue, but this does not seem to be an issue with Windows 7, which can use Vista drivers. There are some minor differences, so Microsoft introduced the Application Compatibility Toolkit, which allows IT professionals to inventory their applications and decide whether their applications are Windows 7-compatible. This way, companies can apply compatibility fixes if they are needed.

Windows 7 32-bit vs. 64-bit

Most people have no idea what upgrading to 64-bit gets you. You will see no upfront advantage if you are running 32-bit software on a 64-bit OS. You also lose the ability to run 16-bit software. If you have an older DOS-type application, you should test to make sure it will work properly on a 64-bit OS.

What you do get is more speed. More bits get you access to more memory. The processor inside your PC communicates with your system memory (RAM). Thus, the maximum amount of memory a 32-bit processor can address is 4 gigabytes. 64-bit processors can address 17,179,869,184 gigabytes (16 exabytes) of RAM.

Most people will use Windows 7 64-bit to address the increasing demands for more RAM. But while 64-bit Windows 7 can run most 32-bit applications without a problem, it’s not compatible with 32-bit hardware drivers or 32-bit utilities. This means you need a native 64-bit driver for every device on your PC. Unless your PC and all your attached components have 64-bit drivers, finding support for all your hardware may be a bit of a challenge, especially on older computers.

The major benefit? 64-bit software running on 64-bit Windows 7 runs as much as 10% faster.

Now that we know all this, let’s move on to Chapter 2 and learn how to install Windows 7 step by step.
It is not like the other legacy Windows operating systems, where you could just put the CD or DVD in, choose all the defaults, and put a password in.

Chapter 2 - Installing Windows 7

Installing Windows 7 is particularly easy, but keep in mind that if you try to do an upgrade from Windows XP it will be a waste of your time: it will error out and you will have to start over from the beginning. Also, check and make sure that the PC or laptop you are upgrading supports Vista drivers, as they are compatible with Windows 7.

The first laptop I used to install Windows 7 was a relatively new HP/Compaq Presario. When I got done with the Windows 7 installation from XP, the spare video port, the audio, and the NIC card did not work. After researching, I found that the laptop does not have Vista drivers, and the HP website showed that the laptop was not Vista compatible.

I installed the 64-bit and the 32-bit versions on the same PC. Visually they are virtually identical; however, the 64-bit version installed in 18 minutes and the 32-bit version installed in 31 minutes, a big speed difference even with the installation.

Let’s first go step by step and install the operating system using the upgrade option from XP on this PC.

Windows PreInstallation Environment (Windows PE)

Windows PreInstallation Environment (Windows PE) 3.0 is a minimal Win32 operating system with limited services, built on the Windows 7 kernel. It is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.

Windows PE is not designed to be the primary operating system on a computer, but is instead used as a standalone preinstallation environment and as an integral component of other Setup and recovery technologies, such as Setup for Windows 7, Windows Deployment Services (Windows DS), the Systems Management Server (SMS) Operating System (OS) Deployment Feature Pack, and the Windows Recovery Environment (Windows RE).
Windows PE is such a new product that it could be a book on its own. Most of the information in these next two sections is taken directly from TechNet.Microsoft.com publicly available documentation. We would like to thank Microsoft for their valuable input.

Benefits of Windows PE

Windows PE was created to help OEMs and IT professionals boot a computer with no functioning operating system. In the past, OEMs and IT professionals often used an MS-DOS-based boot floppy disk to start a computer. However, an MS-DOS-based boot floppy disk has a number of limitations that make it difficult to use for pre-installing Windows or recovering existing installations or data. It has:

• No support for the NTFS file system.
• No native networking support.
• No support for 32-bit (or 64-bit) Windows device drivers, making it necessary to locate 16-bit drivers.
• Limited support for custom applications and scripts.

The limitations of MS-DOS-based startup disks led Microsoft to develop Windows PE, which is now the primary Microsoft tool for booting computers with no functioning operating system. Once you boot a computer into Windows PE, you can prepare it for Windows installation, and then initiate Windows Setup from a network or local source. You can also service an existing copy of Windows or recover data.

Because Windows PE is based on the kernel for Windows 7, it overcomes the limitations of MS-DOS-based boot disks by providing the following capabilities:

• Native support for the NTFS 5.x file system, including dynamic volume creation and management.
• Native support for TCP/IP networking and file sharing (client only).
• Native support for 32-bit (or 64-bit) Windows device drivers.
• Native support for a subset of the Win32 Application Programming Interface (API).
• Optional support for Windows Management Instrumentation (WMI), Microsoft Data Access Component (MDAC) and HTML Application (HTA).
• Ability to start from a number of media types, including CD, DVD, USB flash drive (UFD), and a Remote Installation Services (RIS) server.
• Windows PE offline sessions are supported.
• Windows PE images can be serviced offline.
• Windows PE includes all Hyper-V™ drivers except display drivers. This enables Windows PE to run in Hypervisor. Supported features include mass storage, mouse integration, and network adapters.

Common Windows PE Scenarios

Windows PE is a modified version of the Windows operating system that is designed to support installing Windows and troubleshooting and recovering an installation that can no longer boot.

Windows PE runs every time you install Windows 7. The graphical tools that collect configuration information during the Setup phase are running within Windows PE. In addition, information technology (IT) departments can customize and extend Windows PE to meet their unique deployment needs. Windows PE also provides support for servicing Windows images.

Windows PE Troubleshooting

Windows PE is useful for both automatic and manual troubleshooting. For example, if Windows 7 fails to start because of a corrupted system file, Windows PE can automatically start and launch the Windows Recovery Environment (Windows RE). You can also manually start Windows PE to use built-in or customized troubleshooting and diagnostic tools.

OEMs and independent software vendors (ISVs) can use Windows PE to build customized, automated solutions for recovering and rebuilding computers running Windows 7. For example, users can start their computers from Windows PE recovery CDs or recovery partitions to automatically reformat their hard disks and to reinstall Windows 7 with the original drivers, settings, and applications.

Windows PE Tools

Let’s take a look at the tools that come with Windows PE:

• BCDboot
• BCDEdit
• Bootsect
• Deployment Image Servicing and Management
• Diskpart
• Drvload
• Oscdimg
• Winpeshl
• Wpeinit
• Wpeutil

BCDBOOT

BCDboot is a tool used to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a small set of boot environment files from an installed Windows® image. BCDboot also creates a Boot Configuration Data (BCD) store on the system partition with a new boot entry that enables you to boot to the installed Windows image.

You can run BCDboot from Windows® PE. For information on Windows PE, see Windows PE Walkthroughs.

BCDboot is included with Windows® 7 and Windows Server® 2008 R2 in the %WINDIR%\System32 folder. BCDboot is also available in the Windows OEM Preinstallation Kit (OPK) and Windows Automated Installation Kit (AIK) under the %Program Files%\\Tools directory, where is either Windows OPK or Windows AIK.

BCDboot copies a set of boot environment files from a Windows image that is already on the computer. BCDboot can copy boot environment files from images of Windows Vista®, Windows Server® 2008, Windows 7, or Windows Server 2008 R2. For information on applying a Windows image to a system, see Capture and Apply Windows Images.

BCDboot uses the %WINDIR%\System32\Config\BCD-Template file to create a new BCD store and initialize the BCD boot-environment files on the system partition. Specific BCD settings can be defined in the BCD-Template file. The tool also copies the most recent versions of boot-environment files from the operating system image %WINDIR%\boot folder and %WINDIR%\System32 folder to the system partition.

BCDboot copies files to the default system partition identified by the firmware. You can create this partition by using a partitioning tool such as DiskPart. You do not have to assign a drive letter to this partition for BCDboot to locate it. For more information, see the DiskPart Help from the command line, or Diskpart Command line syntax.
On BIOS-based systems, the system partition is the active partition on disks using the Master Boot Record (MBR) disk format. BCDboot creates the \Boot directory on the system partition and copies all required boot-environment files to this directory.

On Unified Extensible Firmware Interface (UEFI)-based systems, the EFI system partition is the system partition on disks using the GUID Partition Table (GPT) disk format. BCDboot creates the \Efi\Microsoft\Boot directory and copies all required boot-environment files to this directory.

BCDboot can update an existing boot environment on the system partition. Newer file versions from the Windows image will be copied to the system partition.

If a BCD store already exists on the system partition: BCDboot will create a new boot entry in the existing BCD store, based on settings in the BCD-Template file, and remove any duplicate boot entries that reference the same Windows image.

If there is already a boot entry for the Windows image, and additional BCD settings are enabled for that boot entry beyond the default values, these settings can be retained the next time BCDboot is run by using the /m option to merge the existing boot entry, identified by the OS Loader GUID, into the new boot entry created by BCDboot.

BCDEDIT

Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings. The objects and elements in the store effectively replace Boot.ini.

BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu parameters, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements:

• Exposes a wider range of boot parameters than Bootcfg.exe.
• Has improved scripting support.
BCDEdit is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows. It is included with the Windows Vista distribution in the %WINDIR%\System32 folder.

BCDEdit is limited to the standard data types and is designed primarily to perform single common changes to BCD. For more complex operations or nonstandard data types, consider using the BCD Windows Management Instrumentation (WMI) application programming interface (API) to create more powerful and flexible custom tools.

Syntaxes

    BCDEdit /Command [] [] ...

Parameters

General BCDEdit Command-Line Option

Syntax    Description

/?
    Displays a list of BCDEdit commands. Running this command without an argument displays a summary of the available commands. To display detailed help for a particular command, run bcdedit /? , where is the name of the command you are searching for more information about. For example, bcdedit /? createstore displays detailed help for the Createstore command.

Parameters that Operate on a Store

Syntax    Description

/createstore
    Creates a new empty boot configuration data store. The created store is not a system store.
/export
    Exports the contents of the system store into a file. This file can be used later to restore the state of the system store. This command is valid only for the system store.
/import
    Restores the state of the system store by using a backup data file previously generated by using the /export option. This command deletes any existing entries in the system store before the import takes place. This command is valid only for the system store.
/store
    This option can be used with most BCDEdit commands to specify the store to be used. If this option is not specified, then BCDEdit operates on the system store. Running the bcdedit /store command by itself is equivalent to running the bcdedit /enum active command.

Parameters that Operate on Entries in a Store

Syntax    Description

/copy
    Makes a copy of a specified boot entry in the same system store.
/create
    Creates a new entry in the boot configuration data store. If a well-known identifier is specified, then the /application, /inherit, and /device parameters cannot be specified. If an identifier is not specified or not well known, an /application, /inherit, or /device option must be specified.
/delete
    Deletes an element from a specified entry.

Parameters that Operate on Entry Options

Syntax    Description

/deletevalue
    Deletes a specified element from a boot entry.
/set
    Sets an entry option value.

Parameters that Control Output

Syntax    Description

/enum
    Lists entries in a store. The /enum option is the default value for BCDEdit, so running the bcdedit command without parameters is equivalent to running the bcdedit /enum active command.
/v
    Verbose mode. Usually, any well-known entry identifiers are represented by their friendly shorthand form. Specifying /v as a command-line option displays all identifiers in full. Running the bcdedit /v command by itself is equivalent to running the bcdedit /enum active /v command.

Parameters that Control the Boot Manager

Syntax    Description

/bootsequence
    Specifies a one-time display order to be used for the next boot. This command is similar to the /displayorder option, except that it is used only the next time the computer starts. Afterwards, the computer reverts to the original display order.
/default
    Specifies the default entry that the boot manager selects when the timeout expires.
/displayorder
    Specifies the display order that the boot manager uses when displaying boot parameters to a user.
/timeout
    Specifies the time to wait, in seconds, before the boot manager selects the default entry.
/toolsdisplayorder
    Specifies the display order for the boot manager to use when displaying the Tools menu.

Parameters that Control Emergency Management Services

Syntax    Description

/bootems
    Enables or disables Emergency Management Services (EMS) for the specified entry.
/ems
    Enables or disables EMS for the specified operating system boot entry.
/emssettings
    Sets the global EMS settings for the computer. /emssettings does not enable or disable EMS for any particular boot entry.

Parameters that Control Debugging

Syntax    Description

/bootdebug
    Enables or disables the boot debugger for a specified boot entry. Although this command works for any boot entry, it is effective only for boot applications.
/dbgsettings
    Specifies or displays the global debugger settings for the system. This command does not enable or disable the kernel debugger; use the /debug option for that purpose. To set an individual global debugger setting, use the bcdedit /set command.
/debug
    Enables or disables the kernel debugger for a specified boot entry.

BCDboot Command-line Options

The following command-line options are available for BCDboot.exe.

    BCDBOOT source [/l locale] [/s volume-letter] [/v] [/m [{OS Loader GUID}]]

BOOTSECT

Bootsect.exe updates the master boot code for hard disk partitions to switch between Bootmgr and NT Loader (NTLDR). You can use this tool to restore the boot sector on your computer. This tool replaces FixFAT and FixNTFS.

Bootsect Commands

Bootsect uses the following command-line options:

    bootsect.exe {/help | /nt52 | /nt60} {SYS | ALL | } [/force] /mbr

For example, to apply the master boot code that is compatible with NTLDR to the volume labeled E, use the following command:

    bootsect.exe /nt52 E:

Syntax    Description

/help
    Displays these usage instructions.
/nt52
    Applies the master boot code that is compatible with NTLDR to SYS, ALL, or . The operating system installed on SYS, ALL, or must be Windows® XP.
/nt60
    Applies the master boot code that is compatible with Bootmgr to SYS, ALL, or . The operating system installed on SYS, ALL, or must be Windows Vista®.
SYS
    Updates the master boot code on the system partition used to boot Windows.
ALL
    Updates the master boot code on all partitions. The ALL option does not necessarily update the boot code for each volume. Instead, this option updates the boot code on volumes that can be used as Windows boot volumes, which excludes any dynamic volumes that are not connected with an underlying disk partition. This restriction is present because boot code must be located at the beginning of a disk partition.

    Updates the master boot code on the volume associated with this drive letter. Boot code will not be updated if either:
    • is not associated with a volume
    • is associated with a volume not connected to an underlying disk partition.
/force
    Forcibly dismounts the volumes during the boot code update. You must use this option with caution. If Bootsect.exe cannot gain exclusive volume access, then the file system may overwrite the boot code before the next reboot. Bootsect.exe always attempts to lock and dismount the volume before each update. When /force is specified, a forced dismount is attempted if the initial lock attempt fails. A lock can fail, for example, if files on the destination volume are currently opened by other programs. When successful, a forced dismount enables exclusive volume access and a reliable boot code update even though the initial lock failed. At the same time, a forced dismount invalidates all open handles to files on the destination volume. This can result in unexpected behavior from the programs that opened these files. Therefore, use this option with caution.
/mbr
    Updates the master boot record without changing the partition table on sector 0 of the disk that contains the partition specified by SYS, ALL, or . When used with the /nt52 option, the master boot record is compatible with operating systems older than Windows Vista. When used with the /nt60 option, the master boot record is compatible with Windows® 7, or Windows Server® 2008.
For example, to apply the master boot code that is compatible with NTLDR to the volume labeled E:, use the following command:

    bootsect /nt52 E

Deployment Image Servicing and Management

Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows® images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system.

DISM is installed with Windows 7, and it is also distributed in the Windows OEM Preinstallation Kit (Windows OPK) and the Windows Automated Installation Kit (Windows AIK). It can be used to service Windows Vista with Service Pack 1 (SP1), Windows Server 2008, Windows 7, Windows Server 2008 R2, or Windows PE images. DISM replaces several Windows OPK tools, including PEimg, Intlcfg, and Package Manager.

DISM Command-Line Options

To service an offline Windows image, you must first mount the image. You can use Windows image (WIM) commands and arguments to mount a WIM image for servicing and management. You can also use these commands to list the indexes or verify the architecture for the image you are mounting. After you update the image, you must unmount it and either commit or discard the changes you have made.

The following commands can be used to mount, unmount, and query WIM files. These options are not case sensitive.

Syntax    Argument

/Mount-Wim
    /WimFile: /Index: /Name: /MountDir: /ReadOnly
/Commit-Wim
    /MountDir:

The base syntax for nearly all DISM commands is the same. After you have mounted or applied your Windows image so that it is available offline as a flat file structure, you can specify any DISM options, the servicing command that will update your image, and the location of the offline image. You can use only one servicing command per command line.
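The mount, service, unmount sequence described above, as an added example (not code from this book or from Microsoft's documentation). All paths are hypothetical, and /Get-WimInfo, /Add-Driver, /Get-Drivers and /Unmount-Wim with /Commit or /Discard are DISM options that this section does not list. The image is committed only if every servicing step succeeded; otherwise the changes are discarded so a half-serviced image never reaches deployment.

```powershell
# Added example: offline servicing of one WIM index with DISM.
# Run from an elevated prompt. All paths below are hypothetical.
$WimFile  = 'C:\images\install.wim'
$Index    = 1
$MountDir = 'C:\mount\offline'
$Driver   = 'C:\drivers\nic\netdrv.inf'
$LogPath  = 'C:\logs\dism-offline.log'

function Invoke-Dism {
    # Runs a single DISM command line, logs to $LogPath, and throws on a
    # non-zero exit code so a failed step cannot be silently committed.
    param([string[]]$Arguments)
    & dism.exe $Arguments "/LogPath:$LogPath"
    if ($LASTEXITCODE -ne 0) {
        throw "DISM failed ($LASTEXITCODE): $($Arguments -join ' ')"
    }
}

if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

# 1. List the indexes in the WIM so the one being mounted is the one intended.
Invoke-Dism @('/Get-WimInfo', "/WimFile:$WimFile")

# 2. Mount the image read-write. Add /ReadOnly instead when only inspecting.
Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir")

$commit = $false
try {
    # 3. One servicing command per command line, each against /Image:<mount dir>.
    Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$Driver")

    # 4. Confirm what is now in the image before deciding to keep the change.
    Invoke-Dism @("/Image:$MountDir", '/Get-Drivers')

    $commit = $true
}
finally {
    # 5. Always unmount. Commit only if every step above succeeded.
    $mode = if ($commit) { '/Commit' } else { '/Discard' }
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" $mode "/LogPath:$LogPath"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Unmount failed ($LASTEXITCODE); image is still mounted at $MountDir"
    }
}
```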
If you are servicing a running computer, you can use the /Online option instead of specifying the location of the offline Windows image.

The base syntax for DISM is:

    DISM.exe {/Image: | /Online} [dism_options] {servicing_command} []

The following DISM options are available for an offline image.

    DISM.exe /image: [/WinDir:] [/LogPath:] [/LogLevel:] [/SysDriveDir:] [/Quiet] [/NoRestart] [/ScratchDir:]

The following DISM options are available for a running operating system.

    DISM.exe /online [/LogPath:] [/LogLevel:] [/Quiet] [/NoRestart] [/ScratchDir:]

DISKPART

DiskPart is a text-mode command interpreter that enables you to manage objects (disks, partitions, or volumes) by using scripts or direct input from a command prompt. Before you can use DiskPart commands, you must first list, and then select, an object to give it focus. When an object has focus, any DiskPart commands that you type will act on that object.

You can list the available objects and determine an object's number or drive letter by using the list disk, list volume, and list partition commands. The list disk and list volume commands display all disks and volumes on the computer. However, the list partition command only displays partitions on the disk that has focus. When you use the list commands, an asterisk (*) appears next to the object with focus. You select an object by its number or drive letter, such as disk 0, partition 1, volume 3, or volume C.

When you select an object, the focus remains on that object until you select a different object. For example, if the focus is set on disk 0 and you select volume 8 on disk 2, the focus shifts from disk 0 to disk 2, volume 8. Some commands automatically change the focus. For example, when you create a new partition, the focus automatically switches to the new partition.

You can only give focus to a partition on the selected disk. When a partition has focus, the related volume (if any) also has focus.
When a volume has focus, the related disk and partition also have focus if the volume maps to a single specific partition. If this is not the case, focus on the disk and partition is lost.

Diskpart /

The available syntaxes are: Active, Add, Assign, Attributes, Automount, Break, Clean, Convert, Create, Delete, Detail, Exit, Extend, Filesystems, Format, GPT, Help, Import, Inactive, List, Offline, Online, Recover, Rem, Remove, Repair, Rescan, Retain, Select, Setid, Shrink, Uniqueid.

NOTE: There are just too many options and syntaxes to include in this book. I recommend that you study the items at this link: http://technet.microsoft.com/en-us/library/cc770877(WS.10).aspx

DRVLOAD

The Drvload tool adds out-of-box drivers to a booted Windows® PE image. It takes one or more driver .inf files as inputs. To add a driver to an offline Windows PE image, use the Deployment Image Servicing and Management (DISM) tool.

If the driver .inf file requires a reboot, Windows PE will ignore the request. If the driver .sys file requires a reboot, then the driver cannot be added with Drvload.

The following command-line options are available for Drvload.

    drvload.exe inf_path [,inf_path [...]] [/?]

Syntax    Description

/?
    Displays usage information.
inf_path
    Specifies the path to the driver .inf file. The path can contain environment variables.

OSCDIMG

Oscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of Windows® PE. You can then burn the .iso file to a CD-ROM or DVD-ROM. Oscdimg supports ISO 9660, Joliet, and Universal Disk Format (UDF) file systems.

Oscdimg Command-Line Options

The following command-line options are available for Oscdimg.

    oscdimg [options] SourceLocation TargetFile

Syntax    Description

-a
    Displays the allocation summary for files and directories.
-b location
    Specifies the location of the El Torito boot sector file. Do not use any spaces, for example, -bC:\Directory\Etfsboot.com
-c
    Specifies to use ANSI file names instead of OEM file names.
-d
    Does not force lowercase file names to uppercase.
-e
    This option disables floppy disk emulation in the El Torito catalog. This option can only be used for single boot entry images and cannot be combined with any multi-boot entry switches.
-g
    Uses the Universal Coordinated Time (UCT) for all files rather than the local time.
-h
    Includes hidden files and directories.
-j1
    Encodes Joliet Unicode file names and generates DOS-compatible 8.3 file names in the ISO 9660 namespace. These file names can be read by either Joliet systems or conventional ISO 9660 systems, but Oscdimg may change some of the file names in the ISO 9660 name space to comply with DOS 8.3 and/or ISO 9660 naming restrictions. When using the -j1, -j2, or -js options, the -d, -n, and -nt options do not apply and cannot be used.
-j2
    Encodes Joliet Unicode file names without standard ISO 9660 names. (Requires a Joliet operating system to read files from the CD-ROM.) When using the -j1, -j2, or -js options, the -d, -n, and -nt options do not apply and cannot be used.
-js
    Overrides the default text file used with the -j2 option, for example, -jsc:\Readme.txt When using the -j1, -j2, or -js options, the -d, -n, and -nt options do not apply and cannot be used.
-k
    Creates an image even if it fails to open some of the source files.
-l labelname
    Specifies the volume label. Do not use spaces between the l and labelname. For example, -lMYLABEL
-m
    Ignores the maximum size limit of an image.
-maxsize: limit
    Overrides the default maximum size of an image. The default value is a 74-minute CD, unless UDF is used, in which case, the default is that there is no maximum size. The limit value is specified in megabytes (MB). For example, -maxsize:4096 limits the image to 4096 MB. The -m option cannot be used with this option.
-n
    Enables long file names.
-nt
    Enables long file names that are compatible with Windows NT 3.51.
-o
    Optimizes storage by encoding duplicate files only once using a MD5 hashing algorithm to compare files.
-oc
    Optimizes storage by encoding duplicate files only once using a binary comparison of each file. This option is slower than the -o option.
-oi
    Optimizes storage by encoding duplicate files only once. When comparing files, ignores Diamond compression timestamps.
-os
    Optimizes storage by encoding duplicate files only once. Shows duplicate files when creating the image.
-ois
    Optimizes storage by encoding duplicate files only once. When comparing files, ignores Diamond compression timestamps. Shows duplicate files when creating the image.
-p
    Specifies the value to use for the Platform ID in the El Torito catalog. The default is 0x00 to represent the x86 platform. This option can only be used for single-boot entry images and cannot be combined with any multi-boot entry switches.
-q
    Scans the source files only; it does not create an image.
-t mm/dd/yyyy,hh:mm:ss
    Specifies the timestamp for all files and directories. Do not use any spaces. Use the United States of America date format and a 24-hour clock. You can use any delimiter between the items. For example, -t12/31/2000,15:01:00
-u1
    Produces an image that has both the UDF file system and the ISO 9660 file system. The ISO 9660 file system will be written with DOS-compatible 8.3 file names. The UDF file system will be written with Unicode file names. This option cannot be combined with the -n, -nt, or -d options.
-u2
    Produces an image that has only the UDF file system on it. Any system not capable of reading UDF will only see a default text file alerting the user that this image is only available on computers that support UDF. This option cannot be combined with the -n, -nt, or -d options.
-ur
    Overrides the default text file used with the -u2 option. Example: -urc:\Readme.txt This option cannot be combined with the -n, -nt, or -d options.
-us
    Creates sparse files when available. This can only be used with the -u2 option. This option cannot be combined with the -n, -nt, or -d options.
-ue
    Creates embedded files. This can only be used with the -u2 option. This option cannot be combined with the -n, -nt, or -d options.
-uf
    Embeds UDF file identifier entries. This can only be used with the -u2 option. This option cannot be combined with the -n, -nt, or -d options.
-uv
    Specifies UDF Video Zone compatibility during DVD Video/Audio disk creation. This means UDF 1.02 and ISO 9660 are written to the disk. Also, all files in the VIDEO_TS, AUDIO_TS, and JACKET_P directories are written first. These directories take precedence over all other ordering rules used for this image. This option cannot be combined with the -n, -nt, -d, -j1, -j2, -js, -u1, -u2, -ur, -us, -ue, -uf, or -yl options.
-ut
    Truncates the ISO 9660 portion of the image during DVD video/audio disk creation. When this option is used, only the VIDEO_TS, AUDIO_TS, and JACKET_P directories are visible from the ISO 9660 file system. This option cannot be combined with the -n, -nt, -d, -j1, -j2, -js, -u1, -u2, -ur, -us, -ue, -uf, or -yl options.
-w1
    Reports all file names or depths that are not ISO-compliant or Joliet-compliant.
-w2
    Reports all file names that are not DOS-compliant.
-w3
    Reports all zero-length files.
-w4
    Reports each file name that is copied to the image.
-x
    Computes and encodes the AutoCRC value in the image.
-yd
    Suppresses warnings for non-identical files with the same initial 64,000 bytes.
-yl
    Specifies long allocation descriptors instead of short allocation descriptors. This option cannot be combined with the -n, -nt, or -d options.
-y5
    Specifies file layout on disk. This option writes all files in an i386 directory first and in reverse sort order.
-y6
    Specifies that directory records be exactly aligned at the end of sectors.
-yo
    Specifies file layout on disk. This option specifies a text file that has a layout for the files to be placed in the image. The rules for this file are listed below.
    1. The order file must be in ANSI.
    2. The order file must end in a new line.
    3. The order file must have one file per line.
    4. Each file must be specified relative to the root of the image.
    5. Each file must be specified as a long file name. No short names are allowed.
    6. Each file path cannot be longer than MAX_PATH, including volume name.
    Note that not all files must be listed in the order file. Any files that are not listed in this file will be ordered as they would be by default in the absence of an ordering file.
-yw
    Opens source files with write sharing.
SourceLocation
    Required. Specifies the location of the files that you intend to build into an .iso image.
TargetFile
    Specifies the name of the .iso image file.

Creating DVD images

For images larger than 4.5 GB, you must create a boot order file (Bootorder.txt) to ensure boot files are located at the beginning of the image. For example,

    oscdimg -m -n -yoC:\temp\bootorder.txt -bC:\winpe_x86\etfsboot.com

Where bootorder.txt contains the following list of files.

    boot\bcd
    boot\boot.sdi
    boot\bootfix.bin
    boot\bootsect.exe
    boot\etfsboot.com
    boot\memtest.efi
    boot\memtest.exe
    boot\en-us\bootsect.exe.mui
    boot\fonts\chs_boot.ttf
    boot\fonts\cht_boot.ttf
    boot\fonts\jpn_boot.ttf
    boot\fonts\kor_boot.ttf
    boot\fonts\wgl4_boot.ttf
    sources\boot.wim

WINPESHL

Winpeshl.ini controls whether a customized shell is loaded in Windows® PE or the default Command Prompt window. To load a customized shell, create a file named Winpeshl.ini and place it in %SYSTEMROOT%\System32 of your customized Windows PE image. The .ini file must have the following sections and entries.

    [LaunchApp]
    AppPath = %SYSTEMDRIVE%\myshell.exe
    [LaunchApps]
    %SYSTEMDRIVE%\mydir\application1.exe, {option}

Set the AppPath entry to the path to your shell application.
You can use a fully qualified path, or you can use environment variables, such as %SYSTEMROOT%\System32\Myshell.exe. The AppPath entry does not support command-line options.

Use the [LaunchApps] section to run applications with command-line options. The applications run in the order listed. Separate the name of the application from its options with a comma.

When you exit the Command Prompt window or your customized shell application, Windows PE restarts.

ALERT: Do not edit the value of CmdLine in the HKEY_LOCAL_MACHINE\SYSTEM\Setup registry key of Setupreg.hiv to start your shell application.

WPEINIT

Wpeinit is a command-line tool that initializes Windows® PE each time that Windows PE boots. When Windows PE boots, Winpeshl.exe executes the Startnet.cmd command script, which launches Wpeinit.exe. Specifically, Wpeinit.exe installs Plug and Play devices, processes Unattend.xml settings, and loads network resources.

Wpeinit replaces the initialization function previously supported in Factory.exe -winpe. Wpeinit outputs log messages to c:\Windows\system32\wpeinit.log.

Wpeinit Command-Line Options

You can manually execute Wpeinit from a Windows PE Command Prompt window to process a custom answer file. Wpeinit.exe accepts one option called -unattend. You can specify the parameter in one of four ways:

    wpeinit -unattend=
    wpeinit -unattend:
    wpeinit /unattend=
    wpeinit /unattend:

WPEUTIL

The Windows® PE utility (Wpeutil) is a command-line tool that enables you to run various commands in a Windows PE session. For example, you can shut down or restart Windows PE, enable or disable a firewall, set language settings, and initialize a network.

Wpeutil Command-Line Options

Wpeutil uses the following conventions.

    wpeutil {command}[argument]

For example,

    wpeutil shutdown
    wpeutil enablefirewall
    wpeutil SetMuiLanguage de-DE

Command    Description

CreatePageFile [/path=] [/size=]
    Creates a page file to a specified path and size. Default path is C:\pagefile.sys and size is 64 megabytes. At least one option must be specified. For example, wpeutil CreatePageFile /path=C:\pagefile.sys.
DisableExtendedCharactersForVolume
    Disables extended character support for DOS-compatible file names (8.3 format) for the volume containing . must specify the root of the volume, for example C:\. If disabled, all files that have been created with extended characters will be converted to a short filename. This command only applies to NTFS volumes.
DisableFirewall
    Disables a firewall. This command does not require any arguments.
EnableExtendedCharactersForVolume
    Allows 8.3 format file names to contain extended characters on the volume containing . must specify the root of the volume, for example C:\. This command only applies to NTFS volumes.
EnableFirewall
    Enables a firewall. This command does not require any arguments.
InitializeNetwork
    Initializes network components and drivers, and sets the computer name to a randomly-chosen value.
ListKeyboardLayouts
    Lists the supported keyboard layouts (Name and ID) for a given Locale ID (LCID) value. The keyboard layouts will also be updated in the registry under the key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\KeyboardLayouts. For a list of valid Locale IDs. For example, wpeutil ListKeyboardLayouts 0x0409 -or- wpeutil ListKeyboardLayouts 1033
Reboot
    Restarts the current Windows PE session.

    Note: You can restart the current Windows PE session by running the following wpeutil.exe commands:
    • wpeutil shutdown
    • wpeutil reboot
Saveprofile
    Stops logging and saves the custom profile to the location the user specified earlier with the DISM /enable-profiling command. For more information on the /enable-profiling command-line option
    wpeutil Saveprofile < profile_file_name > "short description"
SetKeyboardLayout
    Sets the keyboard layout in the current Windows PE session. This will take effect for processes after the command succeeds. To obtain a list of supported keyboard layouts, run ListKeyboardLayouts . To set the keyboard for en-US, use wpeutil SetKeyboardLayout 0409:00000409
SetMuiLanguage [;]
    Sets the language. uses the international language code format (for example, en-US for the U.S. English language). You can specify multiple languages in priority order, by separating them with a semicolon. For example, wpeutil SetMuiLanguage de-DE;en-US
SetUserLocale [;]
    Sets the user locale. uses the international language code format (for example, en-US for the U.S. English language). You can specify multiple languages in priority order, by separating them with a semicolon. For example, wpeutil SetUserLocale de-DE;en-US
Shutdown
    Shuts down the current Windows PE session.
UpdateBootInfo
    Updates information about the method used to boot Windows PE. Information is stored in the registry in the key HKLM\SYSTEM\CurrentControlSet\Control. The results of this operation might change after loading additional driver support.
WaitForRemovableStorage
    During the Windows PE startup sequence, this command will block startup until the removable storage devices, such as USB hard drives, are initialized.

Scanstate Migration Tool

The User State Migration Toolkit (USMT) for Windows 7 allows you to determine which migration store type best meets your needs. It allows you to determine how much space is required to run Microsoft Windows 7 on the source and destination computers. It will also determine the space needed to create and host the migration store, whether you are using a local share, network share, or storage device. It is a very powerful tool. Let’s take a look at the different ways you can run this tool, looking at the following:

• Hard-Link Migration Store
• Running ScanState
• Offline Windows Images
• Volume Shadow Copy Support

Hard-Link Migration Store: Hard-link migration stores are stored locally on a computer that is being reinstalled and can be used to migrate user accounts, files, and settings in less time using megabytes of disk space instead of gigabytes.

Running ScanState

ScanState is a Windows PE command. USMT now supports migration from previous installations of Windows contained in Windows.old directories. This directory is created if you do a full install of Windows 7 and contains all the old Windows installation files including the User folders.

Offline Windows Images

The offline directory can be a Windows directory when you run the ScanState command in Windows PE, or the Windows.old directory when you run the ScanState command in Windows.

Volume Shadow Copy Support

The /vsc option of the ScanState command allows you to use the volume shadow copy service to capture files that are locked for editing by other applications.

Configurable File Errors

You can use the Config.xml file to configure which file or registry read/write errors can be safely ignored by the /c command-line option and which ones might cause the migration to fail. In addition, the /genconfig option now generates a sample section that is enabled by specifying error codes and desired behaviors in the Config.xml file.

Sidebar: New Helper Functions

The ScanState command has two new helper functions, MigXmlHelper.FileProperties and MigXmlHelper.GenerateDocPatterns, that enable new migration scenarios:

• MigXmlHelper.FileProperties can be used to control which files are migrated, based on properties that you specify. For example, date created, date modified, date accessed, and file size.
• MigXmlHelper.GenerateDocPatterns can be used to find user documents on a computer automatically without your having to author extensive custom migration .xml files.

Note: If you add the /listfiles option to the ScanState command you can generate a text file list of all files included in the migration.

Usmtutils.exe

This is a new tool that supplements the functionality provided by Scanstate.exe and Loadstate.exe.

Local Group Migration

You can use the new section in the Config.xml file to configure local group membership of users during the migration. For example, members of the local administrators group can be made members of the local users group during a migration.

Sidebar: Plan Your Migration

1. Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows PE or Windows.old.
2. Determine what to migrate, such as end-user information, application settings, operating-system settings, files, folders, and registry keys.
3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer.
4. Use the /genmigxml option to help determine which files will be included in your migration, and to determine if any modifications are necessary.
5. Modify the Migration.xml and MigDocs.xml files, and create custom .xml files, if necessary, to identify what to migrate, such as the Documents folder.
6. The document finder, MigXmlHelper.GenerateDocPatterns, is a helper function that can be used to automatically find user documents on a computer without authoring extensive custom migration .xml files.
7. Create a Config.xml file if you want to exclude any components from the migration. To create this file, specify the /genconfig option along with the other .xml files when you use the ScanState command.

    scanstate /genconfig:config.xml /i:miguser.xml /i:migapp.xml /v:13 /l:scanstate.log

8. Review the migration state of the components listed in the Config.xml file, and specify migrate=no for any that you do not want to migrate.

Using ScanState

1. Back up the source computer.
2. Close all applications.
3. Run the ScanState command on the source computer to collect files and settings. You should specify all of the .xml files that you want the ScanState command to use.

    scanstate \\fileserver\migration\mystore /config:config.xml /i:miguser.xml /i:migapp.xml /v:13 /l:scan.log

4. Prepare the destination computer to restore files and settings by installing the operating system on it.
5. Install all applications that were on the source computer. Although it is not always essential, it is good practice to install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.

ALERT: The application versions that are installed on the destination computer should be the same version as the one on the source computer.

6. Close all applications on the destination computer.
7. Run the LoadState command on the destination computer. Specify the same set of .xml files that you specified when using the ScanState command. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, the following command migrates the files and settings to a destination computer running Windows Vista or Windows 7:

    loadstate \\fileserver\migration\mystore /config:config.xml /i:miguser.xml /i:migapp.xml /v:13 /l:load.log

8. Log off after you run the LoadState command. Some settings (for example, fonts, wallpaper, and screensaver settings) will not take effect until the next time the user logs on.

Upgrade to Windows 7

Upgrade Option from XP

This is funny. I just told you that it couldn’t be done. But I wanted to show you the error in figure 2.1. It takes a while to get to this error so don’t try it to see if it will magically work for you. You will just get frustrated!

Figure 2.1

So now that you can see I have a sense of humor, let’s try this again using Windows Vista.

Upgrade Option from Vista

One of the coolest things is that Vista drivers are all compatible with Windows 7. I remember how long it took some printers and wireless devices to come out with Vista drivers when I did XP upgrades. XP drivers for the most part are not compatible with Vista.
Let’s go step by step. I am skipping the screen that asks you for the time and date and the password. I couldn’t take screen shots of the screen. I took pictures with a camera but the editor said, “No way!” to my decision to put the pictures in the book because the quality made the book look unprofessional. Of course when I looked at it printed on paper I agreed with her. I will assume that you have seen these screens previously and can figure them out.

1. Insert the Windows 7 DVD.

ALERT: The DVD does have an auto run but on the Vista install it would not auto run for me on two different PCs. I had to open the DVD drive in My Computer and double click setup.exe.

NOTE: If you are performing an upgrade, the Windows installation process will not delete the old version. It will rename the Windows Root folder.

2. Click Install now on the Install Windows screen. If you by chance have an older computer without at least 1GB of RAM you can forget passing the “Check Compatibility Online” option. I checked it with my laptop that wasn’t compatible and it still passed it. One of the PCs failed because of the video card and another failed because of deficient RAM. Figure 2.2 shows the initial install screen.

Figure 2.2

3. Press “Install Now” and the computer will begin the installation, as shown in figure 2.3.

Figure 2.3

4. I chose the upgrade on this one as shown in figure 2.4.

Figure 2.4

NOTE: Most of the settings will come over from Vista at the end of the installation. But if you are the I.T. administrator of a domain, you will want to read the chapter on Domain Administration and Configuration.

Figure 2.5

5. You will want to accept the license terms and click, “Next” as shown in figure 2.5.

ALERT: First it will copy the necessary files to the hard drive, reboot, and then start the configuration. It will be an automated process as shown in Figure 2.6. The PC may reboot as many as two more times before you are prompted for other options. On one installation I got a compatibility report. This is used to help you determine what may not work properly after the upgrade.

Figure 2.6

6. It will prompt you for a Windows login, password, and password hint. Windows 7 will use the login name you gave as part of the default computer name, which you can change before continuing. It will also give you a screen that allows you to set the time and date before you get your brand new desktop.

Using Windows Easy Transfer

Windows Easy Transfer is just what it says, easy. You can use the Internet or go online and purchase an easy transfer cable. A standard USB cable will not work. You can also use an external USB or flash drive as well. Windows Easy Transfer allows you to transfer profile settings such as the user accounts, documents, music, pictures, e-mail configuration settings, IE favorites, videos, desktop items, printer settings, and much more as shown in figure 2.7.

Figure 2.7

Since I just went online and ordered my Easy Transfer Cable I won’t have one to show you, so I will use Windows Easy Transfer from my Vista laptop using the network I have here and make that selection in figure 2.8.

Figure 2.8

After you choose the network selection, Windows 7 or Vista will give you a Windows Easy Transfer Key to use on the old PC you are transferring from as shown in figure 2.9.

Figure 2.9

Once you have entered the Windows Easy Transfer Key, it will automatically search the network for the new PC and transfer the profiles. This is not a quick transfer. This took about two hours for my profile containing about 2GB of files in the profiles.

Configuring a Virtual Hard Disk (VHD)

Windows 7 has a new feature called “VHD Boot”. Using VHD, you can boot your entire Windows from a Virtual Hard Disk file (as those used with Virtual PC or Virtual Server). The advantages are significant as you only need to copy one file (the .VHD file) to a USB external drive and your entire system is included.
Also, one VHD file can be based on another one. So if you have different systems, create a base copy of Windows 7 on a VHD and make all others incremental. This allows you to save a lot of disk space!

I have to note though, there are a couple of disadvantages. For starters, the .VHD booted operating system has to be Windows 7, Windows Server 2008 R2 or later. Then there is also a degradation of performance. Some texts say only 3% but on the ones I created, it was more in the area of 20%. Really a noticeable difference. Some more disadvantages are that the Windows hibernate function and most BitLocker configurations don’t work. BitLocker can be used within the guest VHD, but not on the volume where the VHD resides. Also, if you like the really cool feature of Aero, it doesn’t work because the Windows Experience index won’t work.

Note: I couldn’t find any texts on this, but I exchanged a physically booted VHD file with Virtual PC VHD files. All you need to do is run sysprep /generalize /oobe. Also the OS needs to be 32-Bit because of Virtual PC.

Installing a VHD-Boot Machine

1. Boot the system with a Windows 7 DVD or USB stick.
2. At the setup screen, don’t choose “Install Now”, but press “Shift-F10” to get into command line mode, which is a cool little shortcut.
3. Enter diskpart to start the partitioning utility.
4. Create a new VHD file by entering the following:

    create vdisk file="D:\pathToVhd.vhd" type=expandable maximum=maxsizeInMegabyte

5. Now select the new VHD and attach it as a physical disk.

    select vdisk file="D:\pathToVhd.vhd"
    attach vdisk

6. After that switch back to the setup window (e.g. using ALT+TAB) and start the setup now that the VDisk is attached.
7. Now proceed with the normal setup, but make sure you install to the correct disk (normally the last one), and ignore the “Windows cannot install to this disk” warning.
8. At next startup, you’ll see Windows 7 in the boot menu. If you want to add a VHD manually to the boot menu, use these commands:

    bcdedit /copy {originalguid} /d "New Windows 7 Installation"
    bcdedit /set {newguid} device vhd=[D:]\Image.vhd
    bcdedit /set {newguid} osdevice vhd=[D:]\Image.vhd
    bcdedit /set {newguid} detecthal on

9. Right click on the My Computer icon in the Start Bar and choose Manage. If you are prompted by the UAC, press Yes and continue.
10. To attach an existing VHD file, in the left pane right click on Disk Management, and click on Attach VHD as shown in Figure 2.10.

NOTE: You can also click on Disk Management, Action on the menu bar, and Attach VHD.

Figure 2.10

11. Click on the Browse button as shown in Figure 2.11.
12. Navigate to the VHD file location and select it, then click on the Open button.

Figure 2.11

Note: If you want the VHD to be read-only, check the box, otherwise leave it unchecked. Click on OK. If the existing VHD file is not created, look at Creating a VHD in the next section.

Creating a VHD

1. In the left pane, right click on Disk Management, and click on Create VHD as shown in figure 2.12.

Figure 2.12

2. After choosing to create a VHD, select a location to save your VHD file to as shown in figure 2.13.

Figure 2.13

3. Next, enter the maximum size you want the Virtual Hard Disk to be, and select the size type to be used. Choose MB, GB, or TB. (1024 MB = 1 GB, 1024 GB = 1 TB)
4. Select whether to let Windows decide the size by choosing Dynamic or use a set size by choosing Fixed, and click on OK.
5. The new disk will show in the right pane as unallocated space. Right click on the new unallocated VHD Disk # and click on Initialize Disk.
6. Select the Disk # from above for the new VHD. You will have to choose if you want the new VHD to have a Master Boot Record (MBR) or GUID Partition Table (GPT) partition, and click on OK.
7. Right click again on the new unallocated VHD and click on New Simple Volume.
8. Next type in how much of the maximum disk space you would like to use for this VHD partition, and click on Next.
9. You will next be able to select either a FAT or an NTFS file system and enter a name for your VHD. Last, click the “Perform a quick format” check box, and click on Next as shown in figure 2.14.

Figure 2.14

Figure 2.15

10. Figure 2.15 sums up all the instructions I just gave you. Click the Finish button and it will create a new simple volume on your VHD which will be already attached.

Chapter 3 – Security and Networking

The Control Panel is the central configuration point of most of the user’s system settings, security, networking, and the system settings in Windows 7. Unfortunately there is no longer an option for Classic View as there was in Windows Vista. So you’re just going to have to learn how the settings are now categorized. Let’s take a look at the settings and options of the Control Panel. Figure 3.1 shows the menu of the Control Panel.

Figure 3.1

Let us explore all the Control Panel options. We will focus on those that are the most necessary to know for system and network administration.

System and Security

Figure 3.2

System and Security is the first option on the Control Panel as shown in figure 3.2. Here you will find several new items including the Action Center, the new enhanced Firewall, Windows Updates, a new feature called BitLocker, Power Options, Windows Backup and Restore, System Options, and Administrative Tools for the maintenance and installation of your system’s physical storage and storage devices. Let’s take a look at these features one by one starting with the Action Center.

Action Center

This is where Microsoft decided that all the annoying little features that were included in Windows Vista could be turned off. You will find these items in the User Account Control, also known as the UAC. This is also where you will now find the Windows Recover feature.
Let’s take a look at the options in this section as shown in figure 3.3.

Figure 3.3

You can see from figure 3.3 that the first screen of the Action Center is actually a status screen with links to make changes. The first option as shown in figure 3.4 shows the firewall status.

Figure 3.4

Unless you modify the settings for the firewall, anti-virus, updates, or Windows Defender, which is installed by default, Windows will alert you with a little flag on your Start Bar as shown in figure 3.5.

Figure 3.5

The next two options detect if your anti-virus program and Windows Defender are installed and turned on. In figure 3.6 you will see that Windows Defender is turned on but I have not installed an anti-virus program on this test PC. Also shown is the Windows Update Service displaying that the settings are turned on. This is recommended. But if you are in a business environment, centralized control and approval of updates after testing is recommended using Windows Server Update Service, and since Service Pack 2 was released it runs much faster and more efficiently.

Figure 3.6

Next let’s take a look at the Internet Security Settings, which we will discuss later in the book. The Internet Security Settings as shown in figure 3.7 are the same that you see in Windows Internet Explorer when you go to Internet Options and modify the Security Settings. You will notice as you go through the Control Panel that there are quite a few places to modify these settings.

Figure 3.7

Figure 3.7 also shows the User Account Control. This is where you control all those annoying security pop-ups that came in the feature rich Windows Vista. These are the ones that came up on every change you made and wanted an OK or a password. Well, good news. You get to modify these settings until your heart is content and make them go away completely if you’d like. Figures 3.8, 3.9, 3.10, and 3.11 show the four options available and when you will receive an alert.

Figure 3.8

Figure 3.9

Figure 3.10

Figure 3.11

Network Access Protection (NAP), as also shown in figure 3.7 a few pages back, is a platform that network administrators can use to help protect their network. We will cover this more in the Domain Connectivity section of Chapter 4.

Windows Firewall Configuration and Options

Well, this is where this book will really come in handy. No longer does the Windows firewall pop up with a screen and give you three tabs to configure port names and type to block or unblock. It is a true firewall in the sense that it is feature rich and you have to configure rules just like a hardware router or firewall.

When you first click on the firewall it will tell you the different Home, Work, and Public networks you are connected to. Each one can be configured individually. This gives you a lot of flexibility when you connect to multiple networks. There are several options available as you can see in figure 3.13 and 3.14.

The first option is called, “Allow a program or feature through the Windows Firewall.” If you need to allow a well known game or application this is the easiest place to go to allow it. Click and it will bring up a box with a check list. All you have to do is check the services or applications you want to allow and click OK.

The second option is, “Change notification settings”. Basically this gives you options to make the little flag on the Start Bar.

The third option is “Turn Windows Firewall on or off”. This one is a no brainer. If you choose off, which goes against my recommendations, all the connections lose the firewall protection.

The fourth option to the left is called, “Advanced Settings” and is what we will focus on for approximately the next 20 pages.

Figure 3.13

Figure 3.14

Windows Firewall - Advanced Features

If you are the systems administrator for the network and you support many desktops, you will really want to pay attention to this section.
The firewall settings are now quite complex, and with the addition of inbound rules as well as outbound rules they have become quite complex for a novice. I foresee many novice users playing in here and screwing everything up. As a systems administrator the “Restore Defaults” link on the left will be your best friend to easily reverse what users have played with. Let’s first take a look at what we are dealing with in figure 3.15.

Figure 3.15

Aha! You were probably looking at the screenshot in figure 3.15 and thinking…um…ok I can deal with that. Well guess again. I couldn’t fit the entire screen on the book page without a toggle bar because the writing would be so small on the options you wouldn’t be able to read it just like you can barely read it now. The rest of the screen, which would be to the right of figure 3.15, is below in figure 3.16. Pretend the imaginary toggle bar extends below to that picture.

Figure 3.16

Let’s now click on Inbound Rules and take a look at how they are configured.

Inbound Rules

If you click on the Inbound Rules link on the left of the page you will get a display of the configured inbound rules. Those in use and allowed have a green check mark. Those configured but not in use and those disallowed have a grey checkmark icon next to them as shown in Figure 3.17 below.

Figure 3.17

Now let’s click on the first BranchCache rule and take a look at the possible settings. Figure 3.18 shows the options available on the General Tab.

General Tab

Figure 3.18

The General tab allows you to configure the name, and a checkbox to choose to enable the rule. Next you can select the action that Windows will take for network packets which match the firewall rule’s criteria. When you have multiple firewall rules defined, the order in which they are evaluated for a match depends on the action specified in the rule. Firewall rules are evaluated in the following order:

1. Allow if secure with Override block rules selected in the Customize Allow if Secure Settings dialog box.
2. Block the connection.
3. Allow the connection.
4. Default profile behavior (allow or block as specified on the applicable Profile tab of the Windows Firewall with Advanced Security Properties dialog box).

Alert: A rule that specifies five criteria is selected over a rule that specifies only two criteria. As soon as a network packet matches a rule, its action is triggered, and it is not compared to any other rules.

Programs and Services Tab

Figure 3.19

The Programs and Services tab allows you to choose the services or programs that you can apply to this rule. The SYSTEM identified in the rule above indicates that the Windows operating system has access to this rule. If you press Settings you will be able to choose from a list of services installed on the PC. The Computers tab in figure 3.20 allows you to identify exactly which computers are allowed to use this rule and which ones will be blocked.

Alert: Click Settings to match packets from all programs and services on the computer (the default), services only, or specify the service.

Protocol and Ports Tab

Figure 3.20

Figure 3.21

The Protocol and Ports tab allows you to identify whether the port number you are configuring is TCP, UDP, or GRE. If you are using dual multi-homed NICs the Local Port is the port listened to on the PC and the Remote Port is the port on the inside that local network devices will listen to for the traffic. The Windows firewall will modify the traffic from the Remote Port number to the Local Port number.

SIDEBAR: TCP or UDP protocol types allow you to specify the local port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The local port is the port on the computer on which the firewall profile is applied.

The following options are available for inbound rules:

• All Ports. Selecting this option specifies that all of the TCP and UDP ports for the selected protocol match the rule.
• Specific Ports. Select this option if specific port numbers apply. You can use a comma to add additional ports and you can include ranges by separating the low and high values with a hyphen.
• RPC Endpoint Mapper. Available for TCP on inbound rules only. This option allows the local computer to receive incoming RPC requests on TCP port 135 to the RPC Endpoint Mapper (RPC-EM). This option also enables RPC-EM to receive RPC over HTTP requests.
• RPC Dynamic Ports. This is for TCP ports on inbound rules only. This option allows the local computer to receive inbound network packets to ports assigned by the RPC runtime.
• IPHTTPS. Available for TCP only. For Local port inbound rules only. Selecting this option allows the local computer to receive incoming IP over HTTPS (IPHTTPS) packets from a remote computer. IPHTTPS is a tunneling protocol that supports the embedding of Internet Protocol version 6 (IPv6) packets in IPv4 HTTPS network packets.
• Edge Traversal. For UDP on inbound rules only. Selecting this option allows the local computer to receive incoming Teredo network packets.

Note: Teredo is an IPv4-to-IPv6 transition protocol.

A list of port requirements for Windows PCs and Windows Servers is shown in Table 3.1.
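
The evaluation order from the General tab and the Specific Ports syntax from the Protocol and Ports tab can be checked together with a small model. The Python below is an added example, not code from the book or from Microsoft; the Rule fields, the rule names and the sample rule set are constructed for illustration, and "Allow if secure" without the override option is not modelled.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple


class Action(IntEnum):
    """Lower value is evaluated first, following the order listed in the text."""
    ALLOW_IF_SECURE_OVERRIDE = 1  # "Allow if secure" with "Override block rules"
    BLOCK = 2
    ALLOW = 3


def parse_ports(spec: str) -> List[Tuple[int, int]]:
    """Parse a Specific Ports value such as '80,443,8000-8010' into ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        low, sep, high = part.partition("-")
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError(f"bad port entry: {part!r}")
        lo, hi = int(low), int(high) if sep else int(low)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"port out of range: {part!r}")
        ranges.append((lo, hi))
    return ranges


@dataclass
class Rule:
    name: str
    action: Action
    protocol: str = "any"            # "TCP", "UDP" or "any"
    local_ports: str = "any"         # "any" (All Ports) or a Specific Ports list
    program: Optional[str] = None    # None means all programs
    enabled: bool = True

    def criteria(self) -> int:
        """How many criteria the rule pins down; the more specific rule wins."""
        return sum([self.protocol != "any", self.local_ports != "any",
                    self.program is not None])

    def matches(self, protocol: str, port: int, program: str, secure: bool) -> bool:
        if not self.enabled:
            return False
        if self.action is Action.ALLOW_IF_SECURE_OVERRIDE and not secure:
            return False             # only authenticated (IPsec) traffic qualifies
        if self.protocol != "any" and self.protocol != protocol:
            return False
        if self.program is not None and self.program.lower() != program.lower():
            return False
        if self.local_ports == "any":
            return True
        return any(lo <= port <= hi for lo, hi in parse_ports(self.local_ports))


def evaluate(rules, protocol, port, program="", secure=False, default_allow=False):
    """Return (allowed, deciding_rule_name) for one inbound connection attempt."""
    hits = [r for r in rules if r.matches(protocol, port, program, secure)]
    if not hits:
        return default_allow, "default profile behavior"
    winner = min(hits, key=lambda r: (r.action, -r.criteria()))
    return winner.action is not Action.BLOCK, winner.name


def shadowed_allows(rules):
    """Names of enabled allow rules that never take effect on any of their ports."""
    shadowed = []
    for r in rules:
        if not r.enabled or r.action is not Action.ALLOW:
            continue
        protos = ["TCP", "UDP"] if r.protocol == "any" else [r.protocol]
        spans = [(0, 65535)] if r.local_ports == "any" else parse_ports(r.local_ports)
        ports = [p for lo, hi in spans for p in range(lo, hi + 1)]
        if not any(evaluate(rules, proto, p, r.program or "")[0]
                   for proto in protos for p in ports):
            shadowed.append(r.name)
    return shadowed


# Constructed sample rule set (not taken from a real machine).
RULES = [
    Rule("Block legacy NetBIOS/SMB", Action.BLOCK, "TCP", "139,445"),
    Rule("Allow file sharing", Action.ALLOW, "TCP", "445"),
    Rule("Allow web", Action.ALLOW, "TCP", "80,443,8000-8010"),
    Rule("Admin SMB over IPsec", Action.ALLOW_IF_SECURE_OVERRIDE, "TCP", "445"),
]

if __name__ == "__main__":
    for proto, port, secure in [("TCP", 445, False), ("TCP", 445, True),
                                ("TCP", 8005, False), ("UDP", 53, False)]:
        print(proto, port, "secure" if secure else "plain",
              evaluate(RULES, proto, port, secure=secure))
    print("allow rules that never win:", shadowed_allows(RULES))
```

Running it shows why an allow rule that overlaps a block rule has no effect, which is the first thing to check when a newly added allow rule does not open a port.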

Table 3.1

Port | Protocol | Network Service | System Service Logical Name
7 | TCP | Echo | SimpTcp
7 | UDP | Echo | SimpTcp
9 | TCP | Discard | SimpTcp
9 | UDP | Discard | SimpTcp
13 | TCP | Daytime | SimpTcp
13 | UDP | Daytime | SimpTcp
17 | TCP | Quotd | SimpTcp
17 | UDP | Quotd | SimpTcp
19 | TCP | Chargen | SimpTcp
19 | UDP | Chargen | SimpTcp
20 | TCP | FTP default data | MSFtpsvc
21 | TCP | FTP control | MSFtpsvc
21 | TCP | FTP control | ALG
23 | TCP | Telnet | TlntSvr
25 | TCP | SMTP | SMTPSVC
25 | UDP | SMTP | SMTPSVC
25 | TCP | SMTP |
25 | UDP | SMTP |
42 | TCP | WINS Replication | WINS
42 | UDP | WINS Replication | WINS
53 | TCP | DNS | DNS
53 | UDP | DNS | DNS
53 | TCP | DNS | SharedAccess
53 | UDP | DNS | SharedAccess
67 | UDP | DHCP Server | DHCPServer
67 | UDP | DHCP Server | SharedAccess
69 | UDP | TFTP | tftpd
80 | TCP | HTTP | WMServer
80 | TCP | HTTP | W3SVC
80 | TCP | HTTP |
88 | TCP | Kerberos | Kdc
88 | UDP | Kerberos | Kdc
102 | TCP | X.400 |
110 | TCP | POP3 | POP3SVC
110 | TCP | POP3 |
119 | TCP | NNTP | NntpSvc
123 | UDP | NTP | W32Time
123 | UDP | SNTP | W32Time
135 | TCP | RPC | msmq
135 | TCP | RPC | RpcSs
135 | TCP | RPC |
135 | TCP | RPC | CertSvc
135 | TCP | RPC | ClusSvc
135 | TCP | RPC | DFS
135 | TCP | RPC | TrkSvr
135 | TCP | RPC | MSDTC
135 | TCP | RPC | Eventlog
135 | TCP | RPC | Fax
135 | TCP | RPC | NtFrs
135 | TCP | RPC | LSASS
135 | TCP | RPC | Remote_Storage_User_Link
135 | TCP | RPC | Remote_Storage_Server
135 | TCP | RPC |
135 | TCP | RPC | TermServLicensing
135 | TCP | RPC | Tssdis
137 | UDP | NetBIOS Name Resolution | Browser
137 | UDP | NetBIOS Name Resolution | lanmanserver
137 | UDP | NetBIOS Name Resolution | WINS
137 | UDP | NetBIOS Name Resolution | Netlogon
137 | UDP | NetBIOS Name Resolution |
138 | UDP | NetBIOS Datagram Service | Browser
138 | UDP | NetBIOS Datagram Service | Messenger
138 | UDP | NetBIOS Datagram Service | lanmanserver
138 | UDP | NetBIOS Datagram Service | Netlogon
138 | UDP | NetBIOS Datagram Service | Dfs
138 | UDP | NetBIOS Datagram Service |
138 | UDP | NetBIOS Datagram Service | LicenseService
139 | TCP | NetBIOS Session Service | Browser
139 | TCP | NetBIOS Session Service | Fax
139 | TCP | NetBIOS Session Service | SysmonLog
139 | TCP | NetBIOS Session Service | Spooler
139 | TCP | NetBIOS Session Service | lanmanserver
139 | TCP | NetBIOS Session Service | Netlogon
139 | TCP | NetBIOS Session Service | RpcLocator
139 | TCP | NetBIOS Session Service | Dfs
139 | TCP | NetBIOS Session Service |
139 | TCP | NetBIOS Session Service | LicenseService
143 | TCP | IMAP |
161 | UDP | SNMP | SNMP
162 | UDP | SNMP Traps Outbound | SNMPTRAP
270 | TCP | MOM | MOM
389 | TCP | LDAP Server | LSASS
389 | UDP | LDAP Server | LSASS
389 | TCP | LDAP Server | Dfs
389 | UDP | LDAP Server | Dfs
443 | TCP | HTTPS | HTTPFilter
443 | TCP | HTTPS | W3SVC
443 | TCP | HTTPS |
445 | TCP | SMB | Fax
445 | TCP | SMB | LicenseService
445 | TCP | SMB | Spooler
445 | TCP | SMB | lanmanserver
445 | TCP | SMB | RpcLocator
445 | TCP | SMB | Dfs
445 | TCP | SMB | Dfs
500 | UDP | IPSec ISAKMP | LSASS
515 | TCP | LPD | LPDSVC
548 | TCP | File Server for Macintosh | MacFile
554 | TCP | RTSP | WMServer
563 | TCP | NNTP over SSL | NntpSvc
593 | TCP | RPC over HTTP | RpcSs
593 | TCP | RPC over HTTP |
636 | TCP | LDAP SSL | LSASS
636 | UDP | LDAP SSL | LSASS
993 | TCP | IMAP over SSL |
995 | TCP | POP3 over SSL |
1270 | TCP | MOM-Encrypted | one point
1433 | TCP | SQL over TCP | SQLSERVR
1433 | TCP | SQL over TCP | SQLSERVR
1434 | UDP | SQL Probe | SQLSERVR
1434 | UDP | SQL Probe | SQLSERVR
1645 | UDP | Legacy RADIUS | IAS
1646 | UDP | Legacy RADIUS | IAS
1701 | UDP | L2TP | RemoteAccess
1723 | TCP | PPTP | RemoteAccess
1755 | TCP | MMS | WMServer
1755 | UDP | MMS | WMServer
1801 | TCP | MSMQ | msmq
1801 | UDP | MSMQ | msmq
1812 | UDP | RADIUS Authentication | IAS
1813 | UDP | RADIUS Accounting | IAS
1900 | UDP | SSDP | SSDPRSRV
2101 | TCP | MSMQ-DCs | msmq
2103 | TCP | MSMQ-RPC | msmq
2105 | TCP | MSMQ-RPC | msmq
2107 | TCP | MSMQ-Mgmt | msmq
2393 | TCP | OLAP Services 7.0 |
2394 | TCP | OLAP Services 7.0 |
2460 | UDP | MS Theater | WMServer
2535 | UDP | MADCAP | DHCPServer
2701 | TCP | SMS Remote Control (control) |
2701 | UDP | SMS Remote Control (control) |
2702 | TCP | SMS Remote Control (data) |
2702 | UDP | SMS Remote Control (data) |
2703 | TCP | SMS Remote Chat |
2703 | UDP | SMS Remote Chat |
2704 | TCP | SMS Remote File Transfer |
2704 | UDP | SMS Remote File Transfer |
2725 | TCP | SQL Analysis Services |
2869 | TCP | UPNP | UPNPHost
2869 | TCP | SSDP event notification | SSDPRSRV
3268 | TCP | Global Catalog Server | LSASS
3269 | TCP | Global Catalog Server | LSASS
3343 | UDP | Cluster Services | ClusSvc
3389 | TCP | Terminal Services | mnmsrvc
3389 | TCP | Terminal Services | TermService
3527 | UDP | MSMQ-Ping | msmq
4011 | UDP | BINL | BINLSVC
4500 | UDP | NAT-T | LSASS
5000 | TCP | SSDP legacy event notification | SSDPRSRV
5004 | UDP | RTP | WMServer
5005 | UDP | RTCP | WMServer
42424 | TCP | ASP.Net Session State | aspnet_state
51515 | TCP | MOM-Clear | one point

Active Directory depends on the following services, whose port numbers are outlined in Table 3.1.

Services on which Active Directory depends

• Active Directory / LSA
• Computer Browser
• Distributed File System
• File Replication Service
• Kerberos Key Distribution Center
• Net Logon
• Remote Procedure Call (RPC)
• Server
• Simple Mail Transfer Protocol (SMTP)
• WINS (in Windows Server 2003 SP1 and later versions for backup Active Directory replication operations, if DNS is not working)
• Windows Time
• World Wide Web Publishing Service

Services that require Active Directory services

• Certificate Services (required for specific configurations)
• DHCP Server (if so configured)
• Distributed File System
• Distributed Link Tracking Server (optional but on by default on Windows 2000 computers)
• Distributed Transaction Coordinator
• DNS Server (if so configured)
• Fax Service (if so configured)
• File Replication Service
• File Server for Macintosh (if so configured)
• Internet Authentication Service (if so configured)
• License Logging (on by default)
• Net Logon
• Print Spooler
• Remote Installation (if so configured)
• Remote Procedure Call (RPC) Locator
• Remote Storage Notification
• Remote Storage Server
• Routing and Remote Access
• Server
• Simple Mail Transfer Protocol (SMTP)
• Terminal Services
• Terminal Services Licensing
• Terminal Services Session Directory

Scope Tab

Figure 3.22

Figure 3.22 above shows the Local and Remote IP addresses that will be allowed by this rule.

Advanced Tab

Figure 3.23

Figure 3.23 displays the Advanced Tab. In this tab you can identify profiles which are groups of settings you can configure.
The following are descriptions of each option:

Domain: Applies when a computer is connected to a network which uses an Active Directory domain controller.

Private: Applies when a computer is connected to a network in which the computer's domain account does not reside.

Public: Applies when a computer is connected to a domain through a public network, such as those available in airports and coffee shops. This domain should be quite.

Interface Types: The Customize Interface Types dialog box lets you select all interface types or any combination of Wireless, Local area network, or Remote access.

Edge Traversal: Allows the computer to accept unsolicited inbound packets that have passed through an edge device such as a Layer 3 switch, router or firewall.

User Tab

Figure 3.25

This tab is the easiest. In figure 3.25 you specify the users to which this rule applies. The firewall will accept connections only from the authorized users you specify. Now let’s say you identify a group of users but one of the users in the group is not allowed. You would put that user in the exceptions list.

Outbound Rules

Figure 3.26

Outbound rules, such as those listed in figure 3.26, have the same menu choices. When configuring these rules you need to think about what traffic you want to allow outbound instead of coming into the PC.

New Connection Security Rule Wizard

Figure 3.27

If you right-click Inbound Security Rules or Outbound Security Rules from the first Advanced Firewall link you will get an option for a “New Rule”. Because rules are so complex, Microsoft has tried to simplify this process by creating a wizard. The first screen you get is shown in figure 3.27. You have five options; let’s review these options one by one.

Program: This type of firewall rule is used to allow a connection based on an installed program or application. This is an easy way to allow connections for well-known products such as Microsoft Office or other applications.
It also gives you an option to link to an executable (.exe) file.

Alert: The program is allowed to accept connections on any port by default. To restrict a program rule to allow traffic on specified port numbers only, after you create the rule, change the rule properties on the Protocols and Ports tab.

Port: Allows you to create rules based on a TCP or UDP port number or numbers. Use commas to separate multiple ports.

Alert: To restrict the open port to a specified program only, after you create the rule, you must use the Programs and Services tab to change the rule properties.

Predefined: Most well-known programs and applications already have ports and other information configured in the Windows 7 firewall. All you need to do is select the name of the program and the Windows 7 firewall will enter all the port information for you.

Custom: It is recommended that you use this option only if you are an expert and none of the other options above can help you. This option allows you to set up any criteria for the firewall. But beware; you can also stop necessary traffic based on your entries.

Figure 3.28

Figure 3.28 shows an authentication screen with three options to choose from for connection authentication. This screen appears only for secure applications or those using secure connections. The first option asks for authentication but does not require it. The second option requires authentication for inbound connections but not outbound connections. The third and last option requires authentication for every connection. You may also get a screen asking you for an authentication method.

Figure 3.29

As discussed earlier in this chapter, figure 3.29 lets you select the profiles to which this rule will apply.
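The wizard choices described above (a Port rule, narrowed afterwards to one program, a Remote IP scope, selected profiles, and no edge traversal) can also be written as a single netsh advfirewall command. The PowerShell script below is an added example, not taken from the book; the rule name, application path, port 8443 and the 192.168.1.0/24 scope are constructed values, and the profile check assumes English-language netsh output.

```powershell
# Added example, not from the book. Run from an elevated PowerShell prompt.
# Constructed values (assumptions): rule name, application path, port, subnet.
$RuleName = 'ExampleApp-8443-In'
$Program  = 'C:\Program Files\ExampleApp\exampleapp.exe'   # hypothetical program
$Port     = '8443'
$Scope    = '192.168.1.0/24'                               # allowed Remote IP addresses

# Remove any earlier copy so the script can be re-run without stacking duplicates.
& netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null

# One inbound allow rule. Each argument mirrors a wizard page or properties tab.
$ruleArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$RuleName",
    'description=Inbound 8443 for ExampleApp from the office subnet only',
    'dir=in', 'action=allow', 'enable=yes',
    'protocol=TCP', "localport=$Port",   # Port rule (Protocols and Ports tab)
    "program=$Program",                  # limit the open port to one program
    "remoteip=$Scope",                   # Scope tab: Remote IP addresses
    'profile=domain,private',            # Advanced tab: rule is not active on Public
    'edge=no'                            # Advanced tab: no edge traversal
)
& netsh $ruleArgs
if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule '$RuleName'" }

# Read the rule back to confirm what was actually stored.
& netsh advfirewall firewall show rule "name=$RuleName" verbose

# Rules are only enforced while the firewall state is On, so check every profile.
# Assumes English netsh output, where each profile block has a line "State   ON".
$stateLines = @(& netsh advfirewall show allprofiles state |
    Select-String -Pattern '^State\s+(\S+)')
$offCount = @($stateLines |
    Where-Object { $_.Matches[0].Groups[1].Value -ne 'ON' }).Count
if ($stateLines.Count -ne 3 -or $offCount -gt 0) {
    Write-Warning 'At least one firewall profile is Off or could not be read.'
} else {
    'Firewall is On for the Domain, Private and Public profiles.'
}
```

Creating the rule with the port, program and scope together avoids the window in which a freshly created Port rule is open to every program and every remote address.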
Figure 3.30

Finally, the easy part for most people: choose a short name for the rule and a description which is informative enough that if another system administrator needed to do some troubleshooting he or she would be able to understand the purpose of this rule.

Firewall Monitoring

Figure 3.31

Firewall monitoring is making its fledgling introduction in this new operating system, as seen in figure 3.31 above. In this section we are going to go through the configuration options you get when you click Windows Firewall with Advanced Security Properties for Local Computer. In case I lost you and you cannot find the screen from which to access figures 3.32-3.35, you will find the Properties link on figures 3.15 and 3.16.

Domain, Private, and Public Profile tabs

By default the values seen on each of the profiles in figures 3.32, 3.33, and 3.34 are applied whenever Windows Firewall with Advanced Security uses each particular profile. Microsoft recommends that you enable Windows Firewall with Advanced Security on all three profiles. Let’s take a look at these settings in figures 3.32, 3.33, and 3.34.

Alert: The firewall state is set by default to On. If you select Off, rules you have created or are using will not be applied or work.

Figure 3.32

Figure 3.33

Figure 3.34

IPsec Settings Tab

Figure 3.35

The tab shown in figure 3.35 is used to configure the IPsec default and systemwide settings. Let’s take a look at all the options on this screen:

IPsec defaults: These settings configure the key exchange, data protection, and authentication methods used by IPsec to protect network traffic.

Note: Click Customize to display the Customize IPsec Settings dialog box.

IPsec exemptions: This option is used to determine whether network traffic containing Internet Control Message Protocol (ICMP) messages is protected by IPsec.

IPsec Tunnel Authentication: Most of the time this is used to identify users who are allowed to VPN into the server or network.
Here you identify user names of those who are allowed to make an IPsec connection.

Change Notification Settings

You can turn off the little flag shown in figure 3.36, and the notifications that the firewall is turned off, with the settings shown in figure 3.37. This screen is available on the System and Security Menu in the Control Panel on the right side pane.

Figure 3.36

Figure 3.37

Troubleshoot Problems Menu

The Troubleshoot Problems Menu as seen in figure 3.38 is the last option on the right tool menu in the System and Security Menu in the Control Panel. Click on each item and it will scan your PC and list any issues it finds.

Figure 3.37

Configuring Network Connections

Since most networking protocols such as IPX and AppleTalk are gone and IP version 6 hasn’t really caught on, I will concentrate on how to configure IP settings. First, we will go to the Network and Sharing Center in the Control Panel as shown in figure 3.38.

Figure 3.38

Figure 3.39 on the next page shows the networks that are currently connected. You will notice that I have a wireless network already configured called “OdiWAP”. If you have a network connection that uses DHCP and you have plugged in your network cable, chances are you’re already ready to go. We will manually configure an IPv4 address after we look at configuring a wireless connection next.

Figure 3.39

If you have a wireless adapter installed, most likely you can click on the wireless icon on your Start Bar next to the sound icon as seen in figure 3.40.

Figure 3.40

If you click on the wireless icon on the task bar it will display the available wireless networks as shown in figure 3.41 on the next page.

Figure 3.41

If you click on any of the available wireless networks it will either attach to the network or ask you for a security key for secure networks. If you would like to save it for future use, you will be prompted to specify whether the network is a Home, Work, or Public network.
Now if we click on the Network Connections link we will see the installed adapters. Notice the green status bars on the ones we are using in figure 3.42. I will click the Local Area Connection and see the Properties screen in figure 3.43.

Figure 3.42

Figure 3.43

After we have displayed the Local Area Connection Properties screen shown in figure 3.43, we will need to click on Internet Protocol Version 4 (TCP/IPv4) and press Properties again. The properties screen should now appear as seen in figure 3.44.

Figure 3.44

My network here is in the 192.168.1.x network so I have configured it as shown above. This is an Intermediate and Advanced book so I won’t go into the specifics of this configuration. However, if you need to know about IP addressing you can read either my CCNA Book from Sybex or my Windows 7 Professional Black Book by MediaWorks Publishing.

If you click on the Advanced tab you can add additional IP addresses, DNS addresses, or an additional WINS address as shown in figure 3.45 and hit OK.

Figure 3.45

Before we move on to the next section I wanted to give you a troubleshooting tip. As networks have evolved, switches as well as DSL modems and routers have increasingly been setting ports to 10, 100, or 1000 Mbps with Full Duplex. The network card is set to auto by default and can lose connectivity due to the mismatched settings. To find where you change this, click on the Configure button under “Connect using”, where it displays the adapter type as shown below in figure 3.46.

Figure 3.46

Under the Advanced Tab as shown in figure 3.47, click the Line Speed/Duplex Mode and change the values to match the other side of the network interface. For instance, if I set the Cisco switch port the PC is plugged into at 1000 Mbps, Full Duplex, I would click the Value drop-down, select that setting, and then click OK. You will temporarily lose network connectivity on the PC during this process.
Figure 3.47

Note: Please see Chapter 14 to learn how to configure IPv6 IP addresses on an interface using the Network Properties. See Chapter 16 to learn how to configure IPv6 addresses on a PC or Laptop using the Netsh command.

Chapter 4 Control Panel – User Accounts and Profiles

Windows 7 is the most secure version of Windows Microsoft has ever developed. Included in Windows 7 are some very good options for keeping your account secure. These range from passwords, to the times your kids or workers can log in to Windows, all the way to the ratings of games and movies they can watch. This is all in an effort to keep your family as secure as possible.

In this chapter, you’ll learn how to set up multiple users on a PC, select the right account type for different users, join a domain, enable Parental Controls, and much more. We will also look at how to share your printers, hard disks and devices on the network. Then we will walk through the options you need to know to configure your Windows 7 personalized experience.

Configuring a User Account with Parental Controls

Under the Control Panel, User Accounts and Family Safety as shown in figure 4.1, you have the options to add, modify, or delete user or administrator accounts. There are also many other items, from parental controls to controlling what applications can be run. In this section we will cover all of them.

Figure 4.1

I quickly added another account and made it a user account called “My Kids” as shown in figure 4.2. After the account is created you can use this screen to change the account name, password, picture, or the account type. You can also set up the Parental Controls or delete the account.

Figure 4.2

I am going to click on Parental Controls as shown in figure 4.2. When I do this it gives me the option to choose the user to modify as shown in figure 4.3.

Figure 4.3

You will notice in figure 4.3, under the picture, that there are no Parental Controls configured.
Next, I want to keep my kids off the computer after 8PM at night and not let them use it until 7AM. So I will click on Time Limits and use my mouse to highlight the times I want to keep the kids from logging in as shown in figure 4.4.

Figure 4.4

Now, there are definitely lots of games I would never let my kids see. In figure 4.5 I set the maturity level for games and movies played under the My Kids login to Everyone 10+. This means that all the games with Teen, Mature, or Adult content will be blocked.

Figure 4.5

In figure 4.6 you see the Parental Controls which allow you to keep your kids from using any program or application installed on the PC. Any application that is not checked cannot be used by the user logged in as My Kids.

Figure 4.6

In the last screenshot in this section we will go back and review the changes we have made to the user My Kids as shown in figure 4.7.

Figure 4.7

Advanced Sharing Settings

Windows 7 doesn’t allow your printers or data to be shared by default. In fact it doesn’t even let your PC be discovered on the network. These are all options you have to turn on yourself. In figure 4.8, you see the Control Panel, Network and Sharing, Advanced sharing settings window. This is where you configure the options to share your printers, data, or allow other computers to see your computer on the network.

Figure 4.8

You will notice in figure 4.8 that you have the ability to turn on or off the ability to be discovered on the network, turn on or off file and print sharing, and turn on or off the folders you want to publicly share.

Linking Your Online IDs

Microsoft allows you to link your online IDs from websites like Live so that you can get online content without the need to continuously log in to the sites. In figure 4.9, you see the Link Online IDs window found under the Control Panel, User Accounts and Family Safety, User Accounts. The link is on the left pane.
Figure 4.9

After you select Link online IDs you will see a list of the possible users that you can link IDs for. If there is only one account, as I have configured, you will immediately get the screen shown in figure 4.10. Notice the Windows Live icon allowing you to link your Windows Live ID.

Figure 4.10

You will immediately be redirected to the Internet to sign in and allow your Windows Live ID as shown in figure 4.11. We were given a rereleased copy of Windows 7 Enterprise which only has Windows Live as options. Microsoft however intends to add Bing, MSN and other logins as well.

Figure 4.11

Joining a Domain

If you belong to a company, most likely you will be joining a domain. Where you configure this is kind of hidden if you are used to Windows XP and/or previous versions. Under System and Security in the Control Panel you will find the System link. Click on that and you will see the screen below in figure 4.12. Notice I am currently in a Workgroup.

Figure 4.12

But in order to get all the benefits of a domain we have to join an Active Directory Domain. First click on Change settings and the screen in figure 4.13 will appear. This looks similar to the one in Windows XP.

Figure 4.13

It gives us the computer name and the Workgroup we are in. Next let’s click on Change and we will get the screen shown in figure 4.14.

Figure 4.14

When you have entered your domain name and clicked on the Domain radio button you will get a popup which requires a member of the Domain Admins group to enter their credentials to join, as shown in figure 4.15.

Figure 4.15

You will then get a popup that says “Welcome to the .” as shown in figure 4.16.

Figure 4.16

Normally in a Windows book it would stop here and tell you to do a reboot. But this is not a certification book, it is a real world guide, and before I reboot I go one step further to save me a lot of time.
If you rebooted, the only people who could install applications or make system changes would be members of the Domain Admins group. I like to save myself time and add the user of this PC to the Power Users group. If you don’t add the user before you reboot from adding the PC to the domain, you have to log in as an administrator and give the user Power User or Administrator group rights, then log back out and log back in as the user to install applications.

I am the administrator and this is my laptop, so I am going to add myself to the Administrators group on the local PC. To do this, right click on the My Computer icon in the Start Bar. Choose Manage and you will get the Computer Management screen as shown in figure 4.17. Click on Local Users and Groups, then choose Groups, Administrators (or Power Users) and enter the login ID of the person you want to give the rights to. This will not give the person any extra domain rights but it will allow the user control over their own PC.

Figure 4.17

You will probably need the domain administrator’s login and password one more time to add a domain user to any of the groups. Click OK, find the restart screen from when you added the PC to the domain and click OK again as shown in figure 4.18.

Figure 4.18

Personalization

We will look at personalizing your Windows 7 experience in this chapter. As you can see in figure 4.19, you can make changes in the Control Panel under Appearance and Personalization, then Personalization.

Figure 4.19

In figure 4.20 you see the different options for configuring your desktop, background, colors, sound, and the screen saver.

Setting Backgrounds

Figure 4.20

You can click on any of the pictures to make them your desktop background or choose your own. In figure 4.21 you will see the Windows colors and appearance options that you can choose instead of a picture for your background.
Setting Colors and Appearance

Figure 4.21

Let’s say you want to stop the Windows login music, or change your beeps to a dog bark. How would you do that? Make it a .WAV file and change the sounds until you find one you like, as shown in figure 4.22. You can also choose to use themes you have downloaded or that come preconfigured in Windows 7.

Sound Settings

Figure 4.22

Screen savers keep your screens from getting burned-in images that you can see as shadows when you are using your computer. These are caused by the same image burning into the pixels from being displayed too long. In figure 4.23 you will see where you can change the screensaver and the settings.

Configuring Screen Saver Settings

Figure 4.23

Configuring Desktop Icons

Figure 4.24

Many of these icons were on the desktop by default in Windows 98 and Windows 2000. In XP and Vista these icons were there in Classic Mode or by selection. In Windows 7 they are here only by selecting them in this screen. By placing a checkmark on any of these boxes as shown in figure 4.24, the corresponding icon will show up on the desktop.

Changing the Mouse Pointer Properties

Figure 4.25

The screen shown in figure 4.25 allows you to change the properties of your mouse. This includes customizing the pointer, effects, buttons, sensitivity and much more.

Change Your Profile Picture

Figure 4.26

The screen shown in figure 4.26 allows you to change your profile picture to any of the preinstalled pictures or to browse for more pictures or search for your own.

Change Your Display Settings

Figure 4.27

The screen in figure 4.27 shows the different options for adjusting your screen size, adding a second monitor, and adjusting the advanced settings. For more information on the advanced settings please see: http://www.sevenforums.com/tutorials/258-color-bit-depth-displaysettings.html

Customizing Default User Profiles

You can customize the default user profile during an unattended installation by using the Copy Profile parameter in the Unattend.xml answer file that is passed to Sysprep.exe. To do this, follow these steps:

1. Use the administrator account or an account that has administrative privileges to log on to the computer.
2. Configure the settings that you want to use in the profile. This includes desktop settings, favorites, and Start menu options.
3. Create an Unattend.xml file that contains the Copy Profile parameter. By using this Copy Profile parameter, the settings of the user who is currently logged on are copied to the default user profile. This parameter must be set to "true" in the specialize pass. For example, the parameter must be as follows:
   <CopyProfile>true</CopyProfile>
4. You can use the Windows System Image Manager tool to create the Unattend.xml file. The Windows System Image Manager tool is included as part of the Windows Automated Installation Kit (Windows AIK). For more information about Windows AIK, visit the following Microsoft Web site: http://technet.microsoft.com/en-us/library/dd349343.aspx
5. Choose Start and type CMD at the search prompt or, at a command prompt, type the following command:
   sysprep.exe /generalize /unattend:unattend.xml
6. Open Sysprep.exe, which is located in the %systemdrive%\Windows\System32\sysprep directory.
7. You must use the /generalize switch so that the Copy Profile parameter can be used. The /unattend switch is optional and is used to point to the desired Unattend.xml file.

Note: The Unattend.xml file is located in the sysprep directory.

Copy a User Profile to a Network Default User Profile

Now that we have learned these steps, let’s learn how to turn the default user profile into a network default user profile in Windows 7 using the following steps.

1. Log on to the computer that has the customized default user profile by using an account that has administrative privileges.
2. Use the Run command to connect to the NETLOGON shared folder of a domain controller. For example, the path resembles the following: \\\NETLOGON
3. Create a new folder in the NETLOGON shared folder, and name it Default User.v2.
4. Click Start, right-click Computer, click Properties, and then click Advanced system settings.
5. Under User Profiles, click Settings. The User Profiles dialog box shows a list of profiles that are stored on the computer.
6. Select Default Profile, and then click Copy To.
7. In the Copy profile to text box, type the network path of the Windows 7 default user profile folder that you created in step 3. For example, type the following path: \\\NETLOGON\Default User.v2
8. Under Permitted to use, click Change, type the name Everyone group, and then click OK.
9. Click OK to start to copy the profile.
10. Log off the computer when the copying process is completed.

Chapter 5 - Super Bar (Task Bar)

In this book I tend to call the Taskbar the Start Bar in several places, as many people can understand what I am talking about. However, many people at Microsoft and on the Internet are referring to the Windows 7 version as the “Superbar”. So from here on out I will try to refer to it as the Superbar. In Microsoft texts the Taskbar is still named "Taskbar" in Windows 7. Let’s take a look at this new bar in figure 5.1, which you will immediately notice has a much glassier look than previous versions of Windows.

Figure 5.1

Like Vista’s task bar, the Windows 7 taskbar also provides a preview of the running applications by using their running icons by default. There is also a small sliver bar next to each icon which allows you to view multiple instances of that application. So if you have two Word documents open you can view and then select the one you want to see as shown in figure 5.2.
Figure 5.2

In the rest of this chapter I am going to walk you through customizing the Superbar, the Superbar options, the features of the Superbar, and some Group Policy edits.

Customizing the Superbar Properties

If we right click on the round Windows 7 logo or the Superbar and select Properties, you will see the options in figure 5.3. We will then select the Toolbars Tab to add some additional features to our Superbar. In figure 5.3 you will see I have right clicked on the Superbar and chosen Properties. In the Toolbars Tab I have checked the Address option and clicked Apply. In figure 5.4 you will see the changes this has made to the Superbar.

Figure 5.3

Figure 5.4

Next, I will check the Link option and press Apply. In figure 5.5 you will see the Link option on the Superbar to the left and the menu that appears when you click the Link option.

Figure 5.5

The next option is for those who use Windows 7 on a Tablet PC. But even if you don’t use a Tablet PC, it is fun to use your mouse or a graphics tablet to play with it and try to convert what you write to actual typed text. In figure 5.6 you will see I have now checked the Tablet PC option and pressed Apply. I have then clicked on the new option on the bar, which brings up the Tablet PC menu box.

Figure 5.6

The last option is the Desktop option, which places all your shortcuts and folders from your desktop onto the menu. An arrow to the left gives you the additional files or folders which are contained on the desktop. The folders contained in your Documents folder are also listed. You also have shortcuts to My Computer, the Network, and the Control Panel, all accessible in one easy place as shown in figure 5.7.

Figure 5.7

Show Desktop Button

This is one of my favorite icons in the taskbar. It has a slightly different location in the new Superbar, right next to the clock.
This new feature is different from the old Desktop Icon which minimized all your open application windows. If you had 8 windows open, you had to click each one to maximize them again after pressing the old Desktop Icon. This new button as shown in figure 5.8 minimizes all of your open application windows which are maximized on the screen. When you are done looking at your desktop, simply click the button again and voilà, all of your windows are back open just the way they were before.

Figure 5.8

Using the Superbar Customize Feature

Figure 5.9

In figure 5.9 above you will notice the little up arrow on the Superbar by the clock. You can also see that I have clicked on this arrow and it has given me options. There are other shortcuts at the top, which are Superbar icons I do not want to see on the Superbar. But let’s say I did want to see all of them, or one or more of them, on the Superbar. I would click the Customize option. In figure 5.10, you will see each icon I have available and a drop-down menu next to each of them giving you three options. These options are:

• Show icon and notifications
• Hide icon and notifications
• Only show notifications

Figure 5.10

If I want to see all of the icons on the menu bar I would simply click on Always show all icons and notifications on the taskbar and click OK as shown in figure 5.11. You will notice the changes on the Superbar, where it now shows all the icons.

Figure 5.11

Windows Aero Overview

Aero is a feature introduced in Windows Vista and expanded in Windows 7 to improve the desktop look and experience. Aero requires a display adapter compatible with the Windows Display Driver Model (WDDM) and a Windows 7 Windows Experience Index of 3.0 or better to work. We will talk about how to view these options later in this section.
First though let’s get a look at the items we will focus on in this section, which are:

• Aero Glass
• Aero Peek
• Aero Snap
• Aero Shake
• Windows Flip 3D

In most circumstances, if the PC satisfies the minimum requirements to run Windows Aero, which appear to be not much different from what’s required in Windows Vista, Windows 7 will automatically enable Windows Aero upon installation. The requirements are:

1. 1 GHz 32-bit (x86) or 64-bit (x64) processor
2. 1 GB (gigabyte) of RAM
3. DirectX 9 compatible GPU with a minimum of 128 MB of Video RAM
4. Windows Display Driver Model (WDDM) driver

Alert: Aero is not a feature of Windows 7 Starter Edition.

Sometimes Windows Aero may not be turned on, or there is a problem enabling it. This can happen for many reasons, such as unsupported video drivers, an outdated or unsupported VGA graphics display card, not meeting the above requirements, or Windows 7 just not enabling it automatically. Let’s take a look at how to find out what is wrong and see if we can get Windows 7 to enable this feature with the instructions in the next section.

How to Enable Aero in Windows 7

1. Once you have finished installing Windows 7, install updated video drivers for Windows 7.
2. Refresh your WEI (Windows Experience Index) score. To refresh the WEI, right-click My Computer -> Properties. A new window with System information will be displayed as shown in figure 5.12.

Figure 5.12

3. Click on Performance Information and Tools at the bottom right side of the window and view your PC’s WEI score as shown in figure 5.13. A score of 3.0 or better is required for Windows 7 to automatically enable this feature.

Figure 5.13

4. Now click Re-run the assessment. (Or you can simply click Start, type cmd, and type the following command: winsat formal) Once your Windows Experience Index is recalculated, and if it’s higher than 3.0, Aero Glass in Windows 7 will automatically be enabled.
NOTE: You can change colors by right clicking on the desktop -> Personalize -> Select Windows Colors.

Aero Peek Feature

Aero Peek is the new and improved thumbnail previews added to the Superbar. This is very important when you want to switch between applications when you have multiple windows open. Previously you might have needed to minimize every other open window to look for your application. You can also use ALT + TAB or use Windows Flip 3D to browse the applications. With the new Superbar, you can just hover on the thumbnail previews to get a preview of that window while the other windows fade away into glass sheets, and easily switch to your application!

Aero Snap Feature

There is also a really cool feature which allows you to drag an application to the left or right until the screen dims as shown in figure 5.14. When you release, your application will be exactly half the screen width.

Figure 5.14

Note: The Windows Key + the right arrow key will produce the same result.

It’s a great way of comparing documents side by side as shown in figure 5.15.

Figure 5.15

Aero Shake Feature

Aero Shake is a new feature to help wear out your mouse quicker so that manufacturers of mice can start upping their sales counts. I am just kidding. What Aero Shake does is allow you to shake an application on your desktop by clicking at the top and moving quickly left and right. By doing this, all the other windows you have opened, except for the one you are moving left and right, will quickly minimize. It’s a nice feature that I can see some practical use for, but I think they need to work on the sensitivity so users don’t wear out their mice. Of course it does have some exercise value. Maybe they should call it the “Microsoft Fit” function. I mean, Wii came out with their version.

Aero Glass Feature

The Aero Glass effect is one of the new features of Windows Vista and is now extended to Windows 7. It features a translucent glass design with subtle window animations and new window colors.
The Aero Glass effect makes all of your open application windows transparent like glass, as shown below in figure 5.16.

Figure 5.16

Windows Flip 3D

Windows Flip improves on the ALT+TAB method for flipping between application windows, while Windows Flip 3D dynamically displays all open windows in a graceful three-dimensional view as shown in figure 5.17, which shows the results of hovering over the Internet Explorer icon on the Superbar. Windows Flip 3D uses the dimension of visual depth to give you a more comprehensive view of your open windows, helping you sidestep chaos even as you juggle myriad open files and programs. Windows Flip 3D can even render images of live processes such as currently playing video. Use the START+TAB keys to initiate the 3-D view, then flip through open windows by using the arrow keys or the scroll wheel on your mouse to quickly identify and select the one you want. Navigating your desktop has never been this fun.

Figure 5.17

Troubleshooting Windows Aero

Whatever the cause of your Windows Aero failure, there is an easy way to fix all issues, bugs or problems related to Windows Aero, and then turn on and enable the Windows Aero feature in Windows 7. We discussed one way in the Windows Aero overview, but thanks to a new troubleshooting tool added in Windows 7 it is even easier. To troubleshoot Aero effects such as transparency in Windows 7, follow these steps:

1. Make sure that the Windows Experience Index has been calculated.
2. Click on the Start menu.
3. Type the following text into the Start Search box: Aero
4. Click on the search result listed under the Control Panel group named “Find and fix problems with transparency and other visual effects”. Right-click and choose Open. The result is displayed in figure 5.18.

Figure 5.18

Note: If you don't see “Find and fix problems with transparency and other visual effects” in the search results, click on Control Panel option displayed in the results to see all Aero related.

5. Next, an “Aero – Troubleshooting Computer Problems” wizard will appear, as shown in figure 5.19. Click the Next button. After clicking Next you will see the screen shown in figure 5.20.

Figure 5.19

Figure 5.20

6. The troubleshooting wizard will attempt to detect any problems by running a series of checks as shown in figure 5.21.

Figure 5.21

Alert: Items with a red cross indicate a problem which may prevent Aero from working properly. Fix the issues and then rerun the “Find and fix problems with transparency and other visual effects” troubleshooting wizard.

Note: There are also other registry hacks available on the Internet to force Aero to work as long as your display card supports WDDM. I actually created a whole chapter on these hacks, but the Editor of this book, as well as the Technical Editor, voiced concerns about it, so it got removed. But you can Bing or Google “Aero Hacks” and you will find them. Also note, though, that if you do something to screw up your PC by using these hacks, Microsoft will most likely not help you fix it.

Other Superbar Features and Customizations

In this section let's talk about some other cool features and customizations that can be made to the Superbar. We will take a look at the following items:

• Group Policy Editor customizations
• Identifying open and closed applications
• Application progress bars
• Application previews
• Pin and unpin applications to the Superbar
• Customizing the Superbar with the Taskbar Properties Taskbar tab

Group Policy Editor Customizations

There are a number of customizations that can be made to the Superbar from the Group Policy Editor. So many, in fact, that I realized I could write an entire book just on this subject. So I am going to show you how to turn off the taskbar thumbnails on the Superbar. Then on your own you can scroll through the different items you can modify until your heart is content. I counted 355 options under the Start Menu.
It might be more or less depending on your Windows 7 version.

To enable or disable thumbnail previews in Windows 7, follow these instructions:

1. Click Start, type gpedit.msc in the search bar, and press Enter.
2. Navigate to User Configuration, Administrative Templates, and then Start Menu and Taskbar in the left window of the Group Policy Editor as shown in figure 5.22. You will notice in the right window all of the options I talked about before.

Figure 5.22

3. Locate “Turn off Taskbar Thumbnails” in the right window of the Group Policy Editor and double-click it.
4. Select Disable and then click Apply as shown in figure 5.23.

Figure 5.23

5. Now check your Taskbar. It should now show just the file names instead of pictures.

Application Progress Bars

The application progress bar for downloading from the Internet or saving applications is a new and unique feature. As shown below in figure 5.24, you will see Internet Explorer downloading a PDF and a search that I have running. The search is at 36% and the download is at 48%. I need to note that only some applications provide progress bars, not all.

Figure 5.24

One item that became apparent to me is that when I had multiple instances of downloads in Internet Explorer, it became difficult to keep track of multiple progress bars in the same application. If you hover your mouse over the application's icon on the Superbar, however, you can get a more accurate look at where the progress is on each individual

Pin and Unpin Applications to the Superbar

Unlike earlier versions of Windows, you can now very easily pin and unpin icons to the Superbar. This is a way to keep your most used application shortcuts right on the Superbar. The Pin to Taskbar option is available if you right-click an application in the Start menu, the Programs menu, or an open application already in the Superbar. In figure 5.25, I am pinning Microsoft Word to the Superbar using the Pin to Taskbar option.
You will note I can also choose to pin the application to the Start Menu, where I am getting the Windows Word shortcut from.

Figure 5.25

Now that it is pinned to the Superbar, anytime I log out or restart the computer the Microsoft Word shortcut and icon will be displayed in the Superbar. If I right-click on the Microsoft Word icon in the Superbar, I will have the option of unpinning the program as shown in figure 5.26.

Figure 5.26

Customizing the Superbar with the Taskbar and Start Menu Properties Taskbar Tab

Occasionally, some users might not like the new way of grouping items, especially the icon overlay display, where it sometimes becomes difficult for some users to identify which applications are running and which are closed. You can easily access these options in the Taskbar properties dialog window as shown in figure 5.27.

Figure 5.27

Below are screenshots of taskbar buttons with different options, as shown in figures 5.28, 5.29, and 5.30:

1) Always combine, hide labels (default behavior)

Figure 5.28

2) Combine when taskbar is full (similar to earlier versions of Windows)

Figure 5.29

3) Using small icons

Figure 5.30

The Superbar is indeed a major feature update for Windows 7. Of course, many users will find the Superbar initially surprising as it needs some time to grasp the new features, but once you become familiar with the Superbar, you will start enjoying the simplicity of the new evolved Windows Taskbar.

Windows Key Shortcuts

Windows 7 has significantly more Windows key shortcuts than any Windows version before. Let's take a look at what Windows key combinations you can use to save yourself time. For those of you with a laptop without a Windows key, I feel sorry for you.

Key Combination                 What It Does
Windows key+ESC                 Open or close the Start menu.
Windows key+Pause               Display the System Properties dialog box.
Windows key+D                   Display the desktop.
Windows key+M                   Minimize all windows.
Windows key+Shift+M             Restore minimized windows to the desktop.
Windows key+E                   Open Computer.
Windows key+F                   Search for a file or folder.
Ctrl+Windows key+F              Search for computers (if you're on a network).
Windows key+L                   Lock your computer or switch users.
Windows key+R                   Open the Run dialog box.
Windows key+T                   Cycle through programs on the taskbar.
Windows key+number              Start the program pinned to the taskbar in the position indicated by the number.
Shift+Windows key+number        Start a new instance of the program pinned to the taskbar in the position number.
Ctrl+Windows key+number         Switch to the last active window of the program pinned to the taskbar in the position number.
Alt+Windows key+number          Open the Jump List for the program pinned to the taskbar in the position number.
Windows key+Tab                 Cycle through programs on the taskbar by using Aero Flip 3-D.
Ctrl+Windows key+Tab            Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D.
Ctrl+Windows key+B              Switch to the program that displayed a message in the notification area.
Windows key+Spacebar            Preview the desktop.
Windows key+Up Arrow            Maximize the window.
Windows key+Left Arrow          Maximize the window to the left side of the screen.
Windows key+Right Arrow         Maximize the window to the right side of the screen.
Windows key+Down Arrow          Minimize the window.
Windows key+Home                Minimize all but the active window.
Windows key+Shift+Up Arrow      Stretch the window to the top and bottom of the screen.
Windows key+P                   Choose a presentation display mode.
Windows key+G                   Cycle through gadgets.
Windows key+U                   Open Ease of Access Center.
Windows key+X                   Open Windows Mobility Center.

Chapter 6 – File Security and Encryption

Windows 7 is full of ways to protect yourself when you are using your computer. There are so many threats out there that it is important to be proactive and educated on possible threats to your computer and do what you can to detect and prevent them.
In this section we will show you how to keep applications off your network PCs, how to encrypt your sensitive data, and how to protect your privacy when using Windows Media Player included with your Windows 7 operating system.

AppLocker

AppLocker, shown in figure 6.1, is a new application control feature available in Microsoft Windows 7 that helps eliminate unwanted and unknown applications within an organization's network, providing a much more productive and secure environment.

Figure 6.1

These screens are blown up in the next few pages so don't go grab your magnifying glass just yet.

AppLocker answers the need for application control with a simple and flexible application that allows administrators to specify exactly what is allowed to run on the computers in their network environment. There are many benefits to using AppLocker in your network, such as:

• Stop unlicensed software from being installed or run in your environment.
• Prevent vulnerable, unauthorized applications from being installed or run in your environment.
• Prevent users from running applications which waste time.
• Stop users from running applications that needlessly consume network bandwidth.
• Prevent users from running applications that possibly contain viruses or malware.
• Allow users to install and run software and updates based upon their business needs.
• Ensure compliance with corporate policies and industry regulations for PCI DSS, Sarbanes-Oxley, HIPAA, Basel II, and state identity theft protection acts.
• Reduce the cost of repair for users who install software which causes their PC to have issues or infects other devices in the network.

AppLocker provides a powerful solution using three rule types: allow, deny, and exception. Allow rules limit execution of applications to a “good list” of programs and applications. Deny rules take the opposite approach and disallow all programs and applications on the “bad list”.
Exception rules allow you to exclude files from an allow/deny rule that would normally be included, such as a rule to “allow everything in the Windows Operating System to run, except the built-in games.”

AppLocker is configured in the Group Policy Editor in Local Computer Policy, Security Settings, Application Control Policies, and then AppLocker as shown in figure 6.2. In figure 6.3 you will see the options that you can configure for AppLocker.

Figure 6.2

Figure 6.3

User Access Control (UAC)

To access UAC settings click the Start button, type UAC, and click on Change User Account Control Settings. This page is relatively simple, with only four options to decide the level of security you want associated with your profile. These options range from never notify to always notify. Figures 6.4, 6.5, 6.6, and 6.7 show the four options available and when you will receive an alert. The default is shown in figure 6.4.

Figure 6.4

Figure 6.5

Figure 6.6

Figure 6.7

BitLocker

BitLocker Drive Encryption is a new feature that provides protection for operating system hard drives, external drives, and removable data drives in case they are lost or stolen. BitLocker is a way of encrypting the data on drives and requiring authentication to access the information. BitLocker encrypts your drives so others cannot access them without a password. BitLocker comes in two flavors in Windows 7, which are BitLocker and BitLocker To Go.

You can also force the PC to boot from an encryption key on a USB flash drive. You can insert the USB flash drive into the computer during startup to allow it to boot. The USB flash drive is used to unlock the computer.

When enabling BitLocker on a hard drive or removable drives, BitLocker can use the following unlock methods:

Password: You can use a password to unlock your BitLocker encrypted data drives, and Group Policy settings can be used to set minimum password lengths.
Smart card: BitLocker allows you to use a compatible certificate on your smart card. By default, BitLocker will choose the certificate unless you have multiple compatible certificates, in which case you must choose the certificate to use.

BitLocker To Go was specially created to encrypt the data on your portable media. With an increasing number of key drives being used, the loss of sensitive data is becoming more of a threat.

Encrypting Your Thumb Drive

To encrypt your thumb drive, plug it into a USB port, click the Start button, type BitLocker, and click on BitLocker Drive Encryption. Next to the drive letter of your thumb drive, click Turn on BitLocker as shown in figure 6.8. Choose a password and click Continue as shown in figure 6.9. You will be given the option to save your recovery key (used if you forget your password) or print it. If you save the file, ensure the file is stored somewhere safe and then click Next as shown in figure 6.10. You will then need to confirm your chosen settings and the password, and click Start Encrypting as shown in figure 6.11.

Figure 6.8

Figure 6.9

Figure 6.10

Figure 6.11

After you click Start Encrypting you will see the screen in figure 6.12. Please notice the figure above where it warns that large drives may take quite a while.

Figure 6.12

Now that I am done, I am going to try to access the drive I just encrypted. As soon as I try, a new screen appears asking me to enter a password before I can access the drive, as shown in figure 6.13.

Figure 6.13

Setting up Your Homegroup

Homegroup is a new feature in Windows 7 that makes it easy to share your libraries and printers on a home network. Homegroup provides password protection and a choice of what you want to share with others. A Homegroup is created in the Control Panel under Network and Internet as shown in figure 6.14.
Figure 6.14

You will see the options for the Network and Internet settings as shown in figure 6.15. The second option, called Homegroup, is where you create or remove a Homegroup or make changes to the settings.

Figure 6.15

If no Homegroup is configured, the first screen you will see is the one pictured in figure 6.16.

Figure 6.16

Once you select Create a Homegroup, the next screen, shown in figure 6.17, allows you to decide which items you will be sharing with others by clicking the box and placing a checkmark next to the option. Choose from Pictures, Documents, Printers, Music, and Videos.

Figure 6.17

Next, Windows will automatically prepare your Homegroup for you. Once this part is done, you will need to get a shared password, which allows other computers running Windows 7 to connect to your Homegroup. Figure 6.18 shows the screen where you are given your password.

Figure 6.18

The password is also available to view whenever you need it by going back to the Homegroup link in Network and Sharing as shown in figure 6.19.

Figure 6.19

Note: Joining a Homegroup is easy. To join your current Homegroup, go to your second PC and connect to the same network (wireless or wired) the Homegroup is configured on. You will automatically be prompted to join the Homegroup. Click “Join Now” and type in your Homegroup password.

Encrypting NTFS using the Cipher Tool

The Cipher tool displays or alters the encryption of directories and files on NTFS volumes. If used without parameters, cipher displays the encryption state of the current directory and any files it contains. The tool's syntaxes are shown in figures 6.19 and 6.20.

Figure 6.20

Figure 6.20

In figure 6.21 you see the tool configured to wipe the free (swap) space on the drive and overwrite it with random characters.

Figure 6.21

There are many syntaxes for this command.
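The cipher operations described in this section, combined into one PowerShell script as an added example that is not from the book: it reports which items under a folder are not EFS-encrypted, encrypts them with cipher /e, verifies the result, and optionally wipes free space with cipher /w. The folder C:\Sensitive, the -WipeFreeSpace switch and the function name Get-UnencryptedItem are assumptions chosen for illustration.

```powershell
# Added example (not from the book): audit and enforce EFS encryption on a
# folder tree with cipher.exe, then optionally wipe the volume's free space.
# Assumption: C:\Sensitive is a hypothetical folder on an NTFS volume.
param(
    [string]$Root = 'C:\Sensitive',   # hypothetical path holding data to protect
    [switch]$WipeFreeSpace            # also run cipher /w (slow on large volumes)
)

function Get-UnencryptedItem {
    # Returns files and folders under $Path whose NTFS "Encrypted" attribute
    # is not set. This is the state cipher marks with "U" in its listing.
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force |
        Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) }
}

if (-not (Test-Path -Path $Root -PathType Container)) {
    throw "Folder not found: $Root"
}

# EFS is an NTFS feature, so refuse to continue on FAT/FAT32 volumes.
$volumeRoot = [System.IO.Path]::GetPathRoot((Resolve-Path -Path $Root).ProviderPath)
$format = (New-Object System.IO.DriveInfo $volumeRoot).DriveFormat
if ($format -ne 'NTFS') {
    throw "$volumeRoot is formatted as $format; cipher can only encrypt on NTFS."
}

# 1. Report the current state.
$before = @(Get-UnencryptedItem -Path $Root)
Write-Output ("Before: {0} unencrypted item(s) under {1}" -f $before.Count, $Root)

# 2. Encrypt. /e = encrypt, /s: = include subfolders, /a = files as well as folders.
if ($before.Count -gt 0) {
    & cipher.exe /e "/s:$Root" /a | Out-Null
}

# 3. Verify from the file attributes rather than trusting the command output.
$after = @(Get-UnencryptedItem -Path $Root)
Write-Output ("After:  {0} unencrypted item(s) under {1}" -f $after.Count, $Root)
$after | ForEach-Object { Write-Warning "Still unencrypted: $($_.FullName)" }

# 4. Encrypting an existing plaintext file can leave its old clear-text
#    clusters in unused disk space; /w overwrites free space on the whole
#    volume that contains $Root.
if ($WipeFreeSpace) {
    & cipher.exe "/w:$Root"
}
```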
For more information visit: http://technet.microsoft.com/en-us/library/ee424301(WS.10).aspx

Chapter 7 – Maintaining Windows 7

In a perfect world your computer would never break, never need maintenance, never slow down, never get a virus, and never lose any of your data. Well, this computer you have and its operating system are very technical and they have a lot of moving parts. Not to mention that the environment you place it in can be just as bad as anything else. One of my customers has about 20 employees, but he runs a machine shop, and my technicians are out there every other week performing maintenance on the PCs and they still break down. Also, just using your PC, moving files, doing searches, and just about anything you do with your PC creates a need for regular maintenance.

If there wasn't a need to fix and maintain Windows PCs and servers, there wouldn't be a platoon of certified people out there to work on them. You would take the PC out of the box, it would be ready to go, and you would never have a need to call technical support or fix anything. It would be a perfect world. Well, it's not, so you better continue reading this chapter.

Let's take a look at what we will cover in this chapter, including some more features of the Action Center such as:

• Windows Update
• Windows Defragmenter
• Windows Disk Cleanup
• Windows Check Disk (CHKDSK)
• Windows Backup

Note: Regardless of the version of Windows 7 you have purchased, all the features in this chapter are included.

System Security with Windows Updates

To get bugs in the operating system fixed automatically and to stay safe on a network and the Internet, you need to keep your system up to date. In this day and age it is an absolutely essential step in maintaining a secure computer environment. When threats emerge, Windows has been quick to patch and make changes to their operating system to quickly fix the issue. This has been thanks to the Windows Update program, which has been completely redesigned in Windows 7.
The Windows Update settings page available in the Windows Action Center allows you to configure your Windows Update settings as shown in figure 7.1.

Figure 7.1

Microsoft routinely releases security updates on the second Tuesday of each month, on what is known as “Patch Tuesday”. Most other Microsoft updates are released when the need arises, such as when a fix is developed for a newly discovered problem. If you keep the settings at the default setting, updates will install automatically.

The Change Settings dialog box lets you specify how you want Windows Updates to operate. The options allow you to download updates and specify which ones to install, specify which updates to install and then download them, or just disable Windows Updates altogether, as shown in figure 7.2.

Figure 7.2

If you use the Install Updates Automatically (Recommended) option, Windows will come out of sleep mode automatically at the time you selected and update your system. If you have either the “download, but don't install” or “check, but don't download or install” option selected, Windows Update notifies you with a flag notification when new updates are available for you to approve. This is very time consuming and not recommended.

“Who Can Install Updates” allows an administrator of the PC to either allow all users to install updates or uncheck the box to allow only administrators to install updates.

“Microsoft Update”, if checked, allows you to get updates for Microsoft products other than the operating system and also install software that Microsoft recommends.

“Software Notifications” gives you detailed information about the updates Microsoft has installed. If you have ever gone to Microsoft's update website and installed updates, you see a reason, what the update does for you, and the Microsoft identification code.

Alert: If Windows Updates fails to download and install, an error code will appear in a notification message on the flag on your Superbar.
It will also display a link to get help about the possible problem. If Windows Updates fail you will want to find out why right away. It could be an indication of a bigger problem such as a virus, worm, Trojan, or malware.

Sidebar: What if an update gives me trouble?

If you suspect a particular update creates a problem, some updates can be removed. To see if an update can be removed, look under Windows Update and click Installed Updates in the left window. This will take you to Control Panel, Programs. You will be able to see the installed updates. Those which are not security updates and can be uninstalled will give you the option to uninstall. The page only lists updates that can be uninstalled. To see all updates that have been installed, whether they are removable or not, go to Windows Update and click View Update History.

Defragmenting Disks

When your system is new it is really fast: the computer's processor has plenty of RAM, and when it runs out it has nice speedy hard drive space to act as virtual memory. What can happen if you don't maintain your hard disk? What is fragmentation anyway?

When you first get your computer there is plenty of space to put your files anywhere, in a nice, easy to find space all together on the hard drive. But as you go along, the drive starts having a hard time trying to find enough space in between the little files it has placed for the bigger ones it is now placing on the drive. So the operating system starts splitting up the files and placing them all over the hard drive in pieces. After a while there are so many split up files that it slows the PC down looking for the pieces so it can put them all back together and show you that nice 200MB PDF you want to see so bad. It doesn't seem like much until you know that on an NTFS volume larger than 2 GB in size, the cluster size is 4 KB. So if you have a 400MB movie, it is over 100,000 fragmented pieces.
After a while hard disk performance becomes a bottleneck and everyday operation of your PC starts to slow down. It is first noticed when you play movies or video clips and perform DVD burning. A little while longer and your hard drive becomes slow even when opening a small Word document or going to the Internet. That is where Windows Defragmenter becomes your friend.

I recommend you defrag your hard disks weekly. If you do, it should only take about 10 to 20 minutes and your hard drive will always stay healthy in terms of fragmentation. The longer you wait, the longer it takes to defragment the hard disks. I was called to a customer that had slowness at a cement plant recently. The PC was 4 years old and had probably never been defragmented. It took the PC about 2 days to perform this simple routine. Imagine all the frustration and lost productivity she had because of the lack of knowledge of this small, simple process.

Windows Defragmenter has been in every version of Windows. In Windows 7 it is improved. Unlike previous versions, Disk Defragmenter allows you to configure it to run as a low-priority background task once a week. If you set it to run in the middle of the night, unless you are a night owl, you can set it and forget it. Let it run on its own. Figure 7.3 shows Windows Defragmenter, which you open by going to Start, All Programs, Accessories, System Tools, and then Disk Defragmenter.

Figure 7.3

To configure Windows Disk Defragmenter to run on its own, click the “Configure Schedule...” button and the scheduler window will appear as shown in figure 7.4.

Figure 7.4

Pick a day of the week and the time, and then select the disk you would like this to run on, as shown in figure 7.5.

Figure 7.5

Selecting “Automatically defragment new disks” will automatically add any drives which are connected, whether they are large USB drives or even thumb drives. So it truly is a set it and forget it utility.
Running Disk Defragmenter

Disk Defragmenter allows you to run additional options from the command line. To use Disk Defragmenter from the command line, type “cmd” in the Search for Files and Programs box on the Start menu. This brings up a Command Prompt window. Next type defrag followed by the drive letter. For instance, if you wanted to defrag drive c: you would type “defrag c:” followed by any options you want. To see all of Windows Defragmenter's options, type defrag /? at the command prompt.

Let's take a look at the options available for the defrag command:

-c This option defragments all volumes on the computer; use this switch without specifying a specific drive letter or mount point.
-a This option analyzes the specified volume and displays a summary of the analysis report.
-f This option consolidates the free space on the specified volume, reducing the chance that large new files will be fragmented.
/r This option defragments multiple volumes in parallel. If your volumes are on physically separate disks, you might save a bit of time by using this switch.
-v This option displays complete (verbose) reports. When it is used in combination with -a, this switch displays only the analysis report. When used alone, it displays both the analysis and defragmentation reports.
-w This option performs a full defragmentation by consolidating all file fragments, regardless of size.
-b This option defragments only boot files and applications while leaving the rest of the drive undisturbed.

Note: There is third party defragmenting software that can be used when Windows Defrag is not enough.

Alert: The Disk Defragmenter run from the command prompt does not provide any progress bar. Just a blinking cursor is shown. You can click the Command Prompt window and press CTRL+C to stop the process.

Windows Check Disk (CHKDSK) and (CHKNTFS)

Along with defragmenting, your hard disk can get errors as well.
If these errors are not me operating system it will continue to place data on these areas. If the data in these bad areas is not moved from these bad areas of the disk, your computer can become unstable and even have what we call a crash.

Windows Check Disk can automatically fix disk or file system errors, or just look for them and report them to you. It comes in two flavors: one for NTFS drives called chkntfs and one for FAT and FAT32 drives called chkdsk. Let's take a look at both in the next two sections.

CHKDSK

Technically speaking, chkdsk is a DOS utility, as shown in figure 7.6 with the different syntaxes and options you can use. It also has a nice GUI with basic controls that you can run by right-clicking the drive letter you want to scan in Computer and choosing Properties, Error-checking, and then Check Now, as shown in figures 7.7 and 7.8.

Figure 7.6

Figure 7.7

Figure 7.8

By default you have “Automatically fix file system errors” selected, which is the equivalent of running the chkdsk command in DOS with the /F syntax.

If you check “Scan For And Attempt Recovery Of Bad Sectors”, an exhaustive check of the entire disk to find bad sectors and recover readable information stored in those defective locations will be run on the hard disk. (This usually requires a reboot, with the check performed on the next startup.) This option is the equivalent of running the chkdsk command in DOS with the /R syntax.

Note: Unchecking both boxes simply gives you a report of file system errors without making any changes or error corrections, and is the only option which usually does not require a reboot to perform.

When a reboot is required for the disk checking, the disk check occurs at the beginning of the startup sequence. When your computer starts, a Windows screen notifies you that it's about to perform a scheduled disk check.
If you want to delay this check, you have 10 seconds to cancel the operation by pressing the space bar and boot normally into Windows 7. If you allow the check to continue, after Check Disk is completed you will get an on-screen report of the findings. If the check finds that there are no errors, you see a Disk Check Complete dialog box.

Note: If Check Disk finds any errors, it puts an entry message in the System Event Log and displays a dialog box listing the errors it found and the repairs it made.

These are the typical uses of chkdsk for a user. There are other options, as shown in figure 7.6, which are identical in chkntfs, and we will explain those further in the next section.

CHKNTFS

Check Disk has its own utility for drives formatted with NTFS, called chkntfs. It is used to perform a thorough inspection for errors. Two versions of this utility are available: a graphical version that performs basic disk-checking functions, and a command-line version that provides a much more extensive set of customization options.

NOTE: Sometimes, Check Disk will run automatically after an abnormal shutdown. This is because a specific bit in the registry is set, which indicates that the file system is “dirty”. This tells the operating system that data was possibly not properly written to the disk when the system was shut down. NTFS volumes keep a journal of all disk activities and use this information to recover the file system in the event of an abnormal shutdown.

With the chkntfs command there are several syntaxes, as shown in figure 7.9.

Figure 7.9

You can use any combination of the following switches at the end of the command line to modify the operation of chkntfs:

/F This option attempts to fix any errors Chkdsk detects. The disk must be locked, and a reboot may be required to dismount the volume you want to check.
/V This option works differently on different volume types. On FAT32 volumes, using this option displays the name of every file in every directory during the disk check. On NTFS volumes, this option displays only cleanup messages.
/R This option identifies bad sectors and attempts to recover data from those sectors if possible. The disk must be locked.
/I This option performs a simpler check of index entries, reducing the amount of time required to complete the check, only on NTFS volumes.
/C This option skips the checking of cycles within the folder structure and reduces the amount of time required, only on NTFS volumes.
/X This option forces the volume to dismount, only on NTFS volumes.
/L[:size] This option adjusts the size of the NTFS transactions log, only on NTFS volumes.
/B This option reevaluates bad clusters, only on NTFS volumes.
/P This option performs an exhaustive check of the disk in the Windows Recovery Environment, only on NTFS volumes.
/R This option repairs bad spots found on the disk in the Windows Recovery Environment, only on NTFS volumes.

Disk Cleanup

The Disk Cleanup utility is a very quick utility to clean up temporary files and other items that can be removed safely to make space. You can start it by pressing the Start Bar (round Windows logo), then All Programs, Accessories, System Tools, and then Disk Cleanup, and the Disk Cleanup: Drive Selection dialog will come up as shown in figure 7.10.

Note: If you click any “low disk space” warning, the Disk Cleanup tool opens automatically.

Figure 7.10

Once you choose the drive letter, it will scan your drive and calculate how much space the tool can free up in the different categories, as shown in figure 7.11.

Figure 7.11

Obviously, I have a computer that is new, as the total amount of space I can free up is 19.5MB as shown in figure 7.12. But typically, if the utility has not been run in some time, you can free up quite a bit of space.
Figure 7.12

In figure 7.13 I have scrolled down to show the additional options that I can choose from in the “Files to delete” box.

Figure 7.13

After all that I decided I needed to gain some space, so I chose the first two options and I chose to delete the Thumbnails to give myself an extra 19.5MB of space. Once I selected those items and clicked OK, a confirmation box appeared as shown in figure 7.14.

Figure 7.14

NOTE: If you’re not sure what’s included in a file category, select it in the list and read the descriptive text. Also, for some file categories a View Files button is available; click that to open a folder containing the file category.

If you did an upgrade to Windows 7 or an installation of Windows, it placed your old operating system’s files in a folder called Windows.old. You can reclaim a lot of disk space by deleting this folder or a majority of its contents.

Remote Assistance

Remote Assistance is a flexible tool that can be used in many different ways to support users in small to large enterprises. This section explains how to initiate Remote Assistance sessions and demonstrates how to use Remote Assistance in an enterprise Help Desk environment involving two common scenarios.

How to Create a Remote Assistance Session

Remote Assistance sessions can be initiated either from the end user Graphic User Interface (GUI) or from a command line.

Initiating Remote Assistance from the GUI

1. Click Start Bar, then All Programs, click Maintenance, and then click Windows Remote Assistance. This launches the Windows Remote Assistance screen as shown in figure 7.15.

Figure 7.15

Note: You can also click Start Bar and type assist in the Start menu search box.

2. You use Remote Assistance to get help from someone by clicking Invite Someone You Trust to Help You, as shown in figure 7.15.

Note: You can also click the “Who Has Invited You” option, which displays the Choose A Way to Connect to the Other Person's Computer screen.
We will continue with the first option.

3. Accept a Remote Assistance invitation as a file from someone, or offer Remote Assistance to someone, by clicking the Help Someone option. The following options are available:

• Save This Invitation To A File: Selecting this option allows you to save your Remote Assistance invitation file to a folder. This folder can be a location on your computer or an available network share.
• Use E-mail To Send An Invitation: Selecting this option launches your default e-mail client. A message is then created with the invitation file attached.
• Use Easy Connect: Selecting this option creates and publishes your Remote Assistance invitation file and displays a 12-character password, which you must communicate to whoever is helping you, as shown below in figure 7.16.

Figure 7.16

The other side must enter the password as shown below in figure 7.17.

Figure 7.17

Sidebar: Record Problems

The Problem Steps Recorder (PSR) is a great new feature that helps in troubleshooting a system. At times, Remote Assistance may not be possible. Type psr in the Start Bar Search and it will launch the recorder as shown in figure 7.18.

Figure 7.18

PowerShell

Windows PowerShell is a feature for I.T. Pros to do common changes and support, as shown in figure 7.19.

Figure 7.19

There are too many options to cover here in this book, but you should get to know the different options. Open the Start Bar and in the “Search programs and files” box type: PowerShell.

Chapter 8 - Windows Backup

Many people don’t see the value of using the backup utility until their hard disk crashes, or the passenger side window in their car is on the ground and their laptop bag is missing. Almost everyone has work, personal pictures, or even music that they would miss if their computer or laptop was gone. People seem to understand backing up servers, but backing up their PCs just does not occur to them. It almost takes a catastrophic loss of their data to start backing it up. By then it is too late.
In this section we will look at the following:

• How to configure a backup
• How to create a disk image
• How to back up the Registry
• How to create a recovery disc

Configuring a Backup

When you save things to your laptop, install software on your PC or make changes to your computer, it brings a certain level of risk. Timely, complete, and functional backups allow you to minimize that risk. The Backup and Restore utility in Windows 7 allows you to back up and restore either your selected files or all the files on the operating system.

There are several ways to open the Backup and Restore Center. One of the easiest is to press the Start button and type backup, then select Backup and Restore as shown in figure 8.1.

Figure 8.1

You can also open the Control Panel, select System and Security, and select Backup and Restore as shown in figure 8.2.

Figure 8.2

After you click on the Backup and Restore button you will see the Backup utility screen shown in figure 8.3.

Figure 8.3

To back up your files, first click the “Set up backup…” button. Windows will now prepare your system for backup and present you with a list of all the media it has found to perform a backup, as shown below in figure 8.4. You will notice that I have selected the FreeAgent USB drive using drive E:.

NOTE: To restore a file from a backup, launch Backup and Restore and click Restore Files. Locate the backup media your files are stored on and follow the instructions to get your previously backed up files back.

Figure 8.4

NOTE: If you have a CD ROM/DVD writer installed you will have the option to write the backup to that location as well. There is no additional software needed.

I tend to know what I want to back up, so I choose “Let me choose” as shown in figure 8.5. But if you are unsure or have very little administration experience with backing up data with this or previous versions of Windows, I would select the first option, which allows Windows to decide what should be backed up.
Figure 8.5

The next screen, which appears in figure 8.6, allows you to choose what you would like to back up by placing a checkmark next to each item you want to back up.

Figure 8.6

After you click Next, there is just one last screen, which allows you to review all the settings you have selected, as shown in figure 8.7.

Figure 8.7

Figure 8.8

In figure 8.8, you see that our backup is about five percent complete. This is a running progress bar. Below the backup in progress status bar you also see the drive you are backing your data up to and the amount of free space still available. It is a blue bar unless the space available on the drive becomes less than ten percent, and then it will turn red.

When the backup is running you will see a small clock on the flag in the Superbar as shown below in figure 8.9.

Figure 8.9

When your backup is completed you can go back and edit the settings to configure the frequency of your backup and make it an automated process. You can set how often, the day, and the time as shown below in figure 8.10. I do recommend, however, that if you rely on this process to work, you check to make sure the backup has run on a regular basis. I would also do a test restore to make sure that what you are backing up is restorable.

Figure 8.10

Create System Image

A system image is one of the fastest ways to restore your hard disk. This is different from a backup, in which you select the data you want to back up. If you do a restore, it is done on an operating system that is functioning well enough to do the restore. A system image is an exact copy of the disk or partition at the time the image was made. It is also an excellent way of installing the same configuration and software on multiple PCs. You can install the operating system and all the software on one PC or laptop, create an image, and then copy that image to all the other new PCs or laptops. From a DVD it takes about 10-20 minutes to install the PCs.
NOTE: You should not activate Windows on the PC or laptop you are creating the image from. That way you can activate the Windows key that came with each individual PC or laptop.

To create an image, first go to the Backup and Restore menu in the Control Panel, where you will see the “Create a system image” link on the left as shown in figure 8.11.

Figure 8.11

Once you click on the link in figure 8.10, you will get a screen that allows you to choose where you would like the image to be stored. You will see that I have a 300GB FreeAgent USB drive attached, and I have chosen to place the system image on this drive. But along with attached drives, you have the option to place it on DVD or on a network location as well, as shown in figure 8.12.

Figure 8.12

After you have selected a media location that has enough space for the image, Windows 7 will give you a confirmation screen before starting, as shown in figure 8.13. It will also display the drive letters of the drives you will be creating an image of.

Figure 8.13

The image will start when you click the Start Backup button as shown in figure 8.14.

Figure 8.14

Backing up the Registry

Occasionally, when troubleshooting or making changes to the operating system, you will have to make changes to the registry, and it might become corrupt. Some troubleshooting steps require you to change values in your registry. If you make a mistake and don’t correct it, you may find your computer no longer functions as it did before. To protect yourself from any mistakes or other system problems, you need to back up your registry.

To back up the registry, first open the registry by going to the Start button and typing regedit as shown in figure 8.15.

Figure 8.15

Then left click Computer in the left side pane as shown in figure 8.16.

Figure 8.16

Next, choose File and then Export. A window similar to the one in figure 8.17 will appear. Choose the location where you want to save the file and then press Save.
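
The same export can be scripted with reg.exe, which ships with Windows 7. The following is an added example, not part of the original guide: it exports a few keys to a timestamped folder and records a SHA-256 digest of each file so the backup can be checked before it is ever imported. The key list, folder name and the Get-Sha256Hex helper are assumptions chosen for illustration.

```powershell
# Added example, not from the study guide: command-line counterpart of the
# regedit File > Export steps. Run from an elevated PowerShell prompt.
# $keys and $destDir are assumed values; adjust them for your system.
$keys    = @('HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKCU')
$stamp   = Get-Date -Format 'yyyyMMdd_HHmmss'
$destDir = Join-Path $env:USERPROFILE "RegBackup_$stamp"
New-Item -ItemType Directory -Path $destDir | Out-Null

function Get-Sha256Hex([string]$Path) {
    # SHA-256 through .NET, so this also runs on the PowerShell 2.0
    # that ships with Windows 7 (no Get-FileHash there).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

$manifest = foreach ($key in $keys) {
    # One .reg file per key, e.g. HKLM_SOFTWARE.reg
    $file = Join-Path $destDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $file /y | Out-Null

    # Treat a non-zero exit code or a missing file as a failed export.
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        Write-Warning "Export of $key failed (reg.exe exit code $LASTEXITCODE)"
        continue
    }

    New-Object PSObject -Property @{
        Key    = $key
        File   = $file
        Bytes  = (Get-Item $file).Length
        SHA256 = (Get-Sha256Hex $file)
    }
}

# Keep the digests next to the exports and show a summary.
$manifest | Select-Object Key, Bytes, SHA256, File |
    Export-Csv -Path (Join-Path $destDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table Key, Bytes, SHA256 -AutoSize
```

Before importing one of these files, recompute its digest and compare it with manifest.csv. The exports contain system and user configuration, so keep the folder where other accounts cannot read or modify it.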
Figure 8.17

NOTE: To restore the registry, follow the same instructions but choose Import instead of Export.

Create a System Recovery Disc

If Windows 7 becomes corrupt you can avoid a full installation of the operating system by having a System Recovery Disc. You can use this disc to attempt a repair at boot up. The system recovery disc cannot be used to install or reinstall Windows, but it can be used to fix common problems that prevent Windows from booting.

To create a system recovery disc, do the following. First, open the Backup and Restore utility and then click the link called “Create a system repair disc”, as shown in figure 8.18.

Figure 8.18

After you click on the link, the screen shown in figure 8.19 will appear and allow you to select your DVD drive. Once you have selected the drive, click Create disc.

Figure 8.19

NOTE: You will need a blank writable DVD to make the disc.

Chapter 9 – Other New Windows 7 Features

Windows 7 is packed with a whole host of new features. In this chapter, we’ll take a look at some of these new features which we have not covered already in this book. We will look at how they can help you work more efficiently on your computer. This is not an exhaustive breakdown of each feature, but it will bring an awareness of what Windows 7 has to offer.

In this chapter we will cover:

• Federated Search
• Snip Tool
• Sticky Notes
• Personal Character Editor
• Device Stage
• Ready Boost
• Branch Cache
• Internet Explorer

Federated Search

The new Federated Search tool is used to search beyond the scope of your local PC hard drives for relevant content. It is based on OpenSearch and RSS to allow you to search remote repositories. You can use third party search connectors or create your own connectors, which is very easy because of the standard format used by OpenSearch.
There are already many search connectors available for you to download from:

• Bing
• Deviant Art Search
• Flickr Search Connector
• Google Blogs Search Connector
• Google News Search Connector
• Microsoft Windows Live Search Connector
• MSN Search
• Twitter Search Connector
• YouTube Search Connector

As more sites add support for OpenSearch, expect to see more search connectors emerging for Windows 7. I am sure that with the ease of creating a search connector, the list of available Federated Search tools will be as long as this book is.

Sidebar: What is OpenSearch?

OpenSearch is a collection of simple formats for the sharing of search results. You can use OpenSearch formats to help people discover relevant content search results across the web. It’s like having your own personal search engine, but others can create search tools to search their own personal or corporate libraries.

The Internet is a big place, and search engines only crawl the surface of the web and only find a small fraction of the great content that is out there. Moreover, some of the richest and most interesting content cannot even be crawled and indexed by one search engine.

OpenSearch also helps search engines and search clients communicate by introducing a common set of formats to perform search requests and syndicate search results.

You might be surprised that OpenSearch was created by A9.com, which is an Amazon.com company, and the OpenSearch format is now in use by hundreds of search engines and search applications on the Internet.

I went ahead and created a Search Connector for Microsoft’s Bing.com search engine. In Appendix C of this book, you can see the steps I used and links to learn how to do it yourself, and you can copy my code until your heart is content. It took me about three hours to create the code, which I saved as Bing.osdx on the desktop as shown in figure 9.1.

Figure 9.1

If I right click on the file you will see the properties in figure 9.2.
Figure 9.2

You see in figure 9.1 that I have also clicked on the icon for the Bing search connector I created, and it asks me if it is OK to install. I clicked the Add button and it installed in only a few seconds. I now have a new search connector under Favorites in my Libraries as shown below in figure 9.3.

Figure 9.3

Snip Tool

One of the coolest little additions to Windows Vista, carried over to Windows 7, is the Snipping Tool. This tool allows you to move your mouse and take a picture of as large a square of your screen as you would like and make it into a picture. It can then be saved as a picture or copied to a document.

Down below you will see that I have several Sticky Notes on my desktop. If I did a Shift+Print Screen, I would get the entire screen. But the Snipping Tool allows me to highlight only the area I want to copy, as shown in figure 9.4. Here I have only copied the Sticky Notes and not the entire desktop screen. I can also write or draw on the already captured picture or erase parts that I don’t want. A very fun little tool.

Figure 9.4

Sticky Notes

This is another fun little tool included with Windows 7. We are all familiar with the Post It notes we have on our desks. Well, Windows 7 makes them go digital. Put little reminders on your screen and even use it as your task list. If you want another Post It, click the “+” sign. They will continue across your screen as shown in figure 9.5. If they run out of room they will overlap. If you are done with one, click the “X” and delete it. The cool thing is that if you shut off your computer, they will be back just like you left them on your desktop. The ones in figure 9.6 have been on my desktop for weeks.

Figure 9.5

Figure 9.6

Personal Character Editor

Have you ever wanted to create your own font characters? Well, here is your chance with the Personal Character Editor included in Windows 7 under Accessories. You can use this feature to create your own letters and font.
Simply click on the boxes where you want to illuminate pixels as shown in figure 9.7.

Figure 9.7

Jump Lists

Jump Lists are a new feature in Windows 7. Jump Lists don't just show shortcuts to files; they are items that you go to frequently. Once you have opened a document, music, or any other file, if you right click on the icon on the Superbar it will show the items you recently opened. If you hover over an item with your mouse, a pushpin will appear on the right of the line you’re hovering over. Click the pushpin and you will pin that item on the Jump List. This means that item will always be there when you restart Windows or log off and then back on. (You can click again to unpin as well.)

Let’s take a look at an example. In figure 9.8 you see the documents I have recently opened. I am working on the Windows 7 Administrators Black Book and I have been frequently opening it.

Figure 9.8

Since I have just started on the book, I need to open it a lot and I don’t want to search the hard drive for my document and waste time. So I am going to click on the pushpin to the right as shown in figure 9.9. From here on, regardless of how many times I log off and log on or open other documents, the items I push a pushpin on will always be there.

Figure 9.9

You can also pin applications to the Start Bar and pin documents to those applications as shown below in figure 9.10.

Figure 9.10

ReadyBoost

Remember when your old computer got slow because there was not enough RAM? You had to go run to the computer store and find these little RAM sticks that gave you more RAM and made your PC faster. Not anymore! Now you can use a thumb drive? What? No kidding. I increased the Physical Memory of the Windows 7 PC I am using by 2GB by using a blank solid state thumb drive and ReadyBoost.

If you plug a ReadyBoost-compatible storage device into your computer, the AutoPlay dialog box offers you the option to install ReadyBoost.
Once you select the option to install ReadyBoost, Windows shows you how much space you should use on the drive, with a recommendation for optimal performance, as shown in figure 9.11.

Figure 9.11

Next, choose the second or third option to use the device for ReadyBoost. If you will be using the device for ReadyBoost only, you can choose the second option as shown in figure 9.12 and use all the available space on the drive. If you choose the last option you can use the scroll bar to choose how much space to dedicate to physical memory.

Figure 9.12

It's really easy to use Windows ReadyBoost. And if the ReadyBoost device is not present, it will not harm the operation of the Windows operating system. You can use almost any removable memory device, such as a USB flash drive or a secure digital (SD) memory card.

ReadyBoost was originally introduced in Windows Vista but was a little known feature. There was a 4GB restriction in Windows Vista, but that has been removed so larger flash drives can be used. The limit of one ReadyBoost device has also been removed, which gives users the possibility to use multiple flash drives as additional caches in Windows 7.

In figure 9.12 you see the new ReadyBoost drive shown as Disk1 in the Computer Management, Disk Management option.

Figure 9.12

Branch Cache

Windows BranchCache is included in Windows Server 2008 R2 and Windows 7. BranchCache is a new feature and is not based on the ISA server as many people believe. Basically, this feature allows a client to read content from a peer (or hosted cache server) only if it matches the content hashes the client retrieved from the original content server. This means that the host server will download content once for the original requesting client and then cache a copy of the same material.

Alert: It appears that the BranchCache service takes over port 80, which interferes with using Apache on a workstation.
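
The hash check described above is what lets a client use a copy held by a machine it has no reason to trust. The following added example (not Microsoft's code and not from the original guide) models that idea in PowerShell: the client holds per-block digests from the content server, accepts a peer's block only when its digest matches, and otherwise goes back to the origin. The block size, function names and sample content are assumptions, and the real protocol's block sizes and message formats are not modelled.

```powershell
# Added example: simplified model of hash-checked retrieval from a peer cache.
# NOT the BranchCache wire protocol; block size, function names and the
# sample content are assumptions made for illustration.
$BlockSize = 16    # bytes per block, kept tiny so the sample is easy to follow
$Sha256    = [System.Security.Cryptography.SHA256]::Create()

function Get-Block([byte[]]$Data, [int]$Index) {
    # Return block number $Index of $Data (an empty block if the data is too short).
    $offset = $Index * $BlockSize
    $length = [Math]::Max(0, [Math]::Min($BlockSize, $Data.Length - $offset))
    $block  = New-Object byte[] $length
    if ($length -gt 0) { [Array]::Copy($Data, $offset, $block, 0, $length) }
    return ,$block
}

function Get-BlockHash([byte[]]$Block) {
    [System.BitConverter]::ToString($Sha256.ComputeHash($Block)) -replace '-', ''
}

function Get-ContentHashes([byte[]]$Content) {
    # What the content server hands out: one digest per block, no data.
    $count  = [int][Math]::Ceiling($Content.Length / $BlockSize)
    $hashes = for ($i = 0; $i -lt $count; $i++) { Get-BlockHash (Get-Block $Content $i) }
    return ,@($hashes)
}

function Receive-Content([string[]]$TrustedHashes, [byte[]]$PeerCopy, [byte[]]$OriginCopy) {
    # Client side: accept a peer block only if it matches the digest obtained
    # from the content server; otherwise fetch that block from the origin.
    $out      = New-Object System.IO.MemoryStream
    $rejected = @()
    for ($i = 0; $i -lt $TrustedHashes.Length; $i++) {
        $block = Get-Block $PeerCopy $i
        if ((Get-BlockHash $block) -ne $TrustedHashes[$i]) {
            $rejected += $i
            $block = Get-Block $OriginCopy $i
            if ((Get-BlockHash $block) -ne $TrustedHashes[$i]) {
                throw "Block $i from the origin does not match its published hash"
            }
        }
        $out.Write($block, 0, $block.Length)
    }
    New-Object PSObject -Property @{
        Content        = $out.ToArray()
        BlocksFromPeer = $TrustedHashes.Length - $rejected.Count
        RejectedBlocks = $rejected
    }
}

# Constructed sample data: the origin's file and a peer copy with one altered byte.
$ascii  = [System.Text.Encoding]::ASCII
$origin = $ascii.GetBytes('quarterly-report: revenue figures for branch office 12')
[byte[]]$peer = $origin.Clone()
$peer[20] = 0x58    # change one byte inside the second block

$hashes = Get-ContentHashes $origin
$result = Receive-Content $hashes $peer $origin

"Blocks accepted from peer : {0} of {1}" -f $result.BlocksFromPeer, $hashes.Length
"Blocks rejected, refetched: {0}" -f ($result.RejectedBlocks -join ', ')
"Reassembled matches origin: {0}" -f ($ascii.GetString($result.Content) -ceq $ascii.GetString($origin))
```

The point to take from the model is that the hashes must come from the content server itself; a peer that supplied both the data and the hashes could pass the check with altered content.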
Configure Branch Cache Server

BranchCache is focused mainly on optimizing your WAN bandwidth using special cache options available only in Windows Server 2008 R2. BranchCache works in scenarios with branch offices where clients interact and request files from a central location such as a headquarters.

BranchCache is a simple idea: it caches the content downloaded from the central location using a server or other branch clients. Every time a second client tries to download the content, the request is handled directly within the branch office, optimizing the WAN link and the download time.

There are no complex configurations and you can even use an option that does not include a server. There are two types of BranchCache deployment options: Distributed Cache (no server) and Hosted Cache Mode (Windows Server 2008 R2 server).

Alert: Distributed Cache environment will only work with Windows Server 2008 R2 and Windows 7 clients.

Configure BranchCache Server

To configure the Windows 2008 R2 file server to be a BranchCache server, select the Add Features Wizard in the Server Manager and select BranchCache as shown in figure 9.13.

Figure 9.13

The File Services role and the service must be selected to handle BranchCache for remote files as shown in figure 9.14.

Figure 9.14

You must now configure Group Policy (GPO) to enable BranchCache.

NOTE: Active Directory is recommended but not a requirement for BranchCache. You can use an Active Directory or local policy to apply to this server.

The GPO can be located in Computer Configuration, Policies, Administrative Templates, Network, Lanman Server, and Hash Publication for BranchCache as shown in figure 9.15.

Figure 9.15

When you click on the “Hash Publication for BranchCache” option you will get the screen in figure 9.16, which allows you to enable BranchCache.
Click on Enable and select “Allow hash publication for all file servers.”

Figure 9.16

BranchCache Client Configuration

On the Windows 7 client it is pretty easy to configure as well. First you need to configure the GPO by editing the settings in the MMC. You do this by going to Computer Configuration, Policies, Administrative Templates, Network, Turn on BranchCache, and then enabling the option as shown in figure 9.17.

Figure 9.17

Also in figure 9.17, you need to set several other options. If you are using Distributed Cache, enable “Turn on BranchCache – Distributed Caching Mode”. Or, if you are using hosted cache mode, you will need to enable “Turn on BranchCache” and select “Hosted Cache mode”.

Optionally, you can also set other values using this set of GPOs, like latency values or a percentage of your disk space dedicated to this cache.

You will also need to ensure that you have configured the firewall inbound policies to allow BranchCache connections.

3. Configure the Cache Server

For more information you can go to:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a9a1ed8a-71ab-468e-a7e0-470fd46e46b3

Internet Explorer 8

Internet Explorer 8 is Microsoft’s latest web browser, which comes packed with many new features. Below is an explanation of how to get IE8 up and running and use some of the new features. Let’s take a look at a few new features, including Quick Tabs and InPrivate viewing.

Quick Tabs

The Quick Tabs button is the 4 little boxes with the down arrow to the left of the tabs. It shows you all currently open tabs at a glance to help you select the page you need. Each tab shows a scaled down window of the current website you are viewing as shown in figure 9.18.

Figure 9.18

Improved Search

The search feature has been greatly improved, with smart suggestions and even an inline search as shown in figure 9.19.
Figure 9.19

InPrivate Browsing

InPrivate Browsing helps prevent websites and Internet Explorer from obtaining or storing data about your browsing sessions. This includes cookies, temporary Internet files, history, and other data. Toolbars and extensions are disabled by default when you use this feature.

To turn on this feature, go to Safety and select InPrivate Browsing as shown in figure 9.20.

Note: To turn off the feature, repeat the same process.

Figure 9.20

In figure 9.21, you will notice the new InPrivate logo next to the address in the Address Toolbar on the browser.

Figure 9.21

Chapter 10 – Devices and Printers

Windows 7 makes installing devices and printers about as easy as you can make it. Unlike with Windows XP, when Windows Vista came out we had to wait for a lot of plug and play device and printer drivers. In Windows 7, all Vista 32 and 64 bit drivers are compatible.

Notice in figure 10.1 that I have no printers installed except for the default Microsoft XPS Document Writer. But in real life I have an HP OfficeJet 1300n and a Lexmark 7350. In this section we will walk through installing my HP OfficeJet 1300n. We will also look at changing the printer properties.

Figure 10.1

Installing a Printer or Device

First, I am going to go to Start, Control Panel, Hardware and Sound as shown in figure 10.2 below.

Figure 10.2

Next, unlike previous Windows versions where you went to Printers, I am going to choose Add a device, and I see the screen shown in figure 10.3.

Figure 10.3

Next, I am simply going to plug in the printer, and Windows should give you an acknowledgement as shown in figure 10.4. I am using printers that had drivers built in to Windows 7. If you bought a new printer or a device that did not have a built-in driver, you would either need to download the Vista or Windows 7 driver from the Internet or install it from a CD or DVD.
It is always safer to install the driver for the printer or the device before plugging the device in.

Figure 10.4

If the printer driver does not match a plug and play device, you will see the window shown in figure 10.5, which allows you to either select the printer or select “Have Disk…” to install the driver if you have one.

Figure 10.5

The printer I am installing already has a plug and play driver, so I get a pop up asking me which driver to install as shown in figure 10.6.

Figure 10.6

Next, I receive a screen asking for a name that I will use to identify this printer, as shown in figure 10.7.

Figure 10.7

When you enter a name and click Next, you will see the screen in figure 10.8 indicating that the printer is installing.

Figure 10.8

The next screen you see will indicate that you have installed the printer successfully and give you the option to print a test page as shown in figure 10.9.

Figure 10.9

Printer Properties

Windows 7 allows device manufacturers to create their own properties pages, as you can see from the Properties page shown below in figure 10.10. This is a screenshot from my Lexmark 7350 printer.

Figure 10.10

The screens that manufacturers can create are very graphical, as shown in figure 10.11.

Figure 10.11

Now that we have seen the Properties for the Lexmark printer, let’s take a look at the typical properties screen as shown in figure 10.12, the Printing Shortcuts tab.

Figure 10.12

The General tab is where you can identify the location of the printer, add a description, or try a test print as shown below in figure 10.13.

Figure 10.13

The rest of the tabs are pretty similar to those found in previous versions of Windows. For more information on each item please see:
http://windows.Microsoft.com/en-US/windows7/Choosing-print-options

NOTE: If a printer is configured on an Active Directory domain controller and you add a Windows computer’s account, the printer will be installed on the PC or laptop.
Chapter 11 – Windows 7 Games

Microsoft has really gone out of their way to make Windows 7 fun for every age group. They have created games that everyone can enjoy and made them quite good, both visually and functionally. I have seen offices where everyone is playing Solitaire on a Friday afternoon waiting to go home. Well, they have a lot more to play with now, and with a lot more features.

Windows won’t install the games by default, either. So users have some hurdles to overcome if they want to become non-productive.

Well, if you are reading this section, we are going to first explain how to install the games. Then we will look at the games that come with Windows 7 in three categories, which are Internet games, board games, and children’s games. Last, we will look at how to get access to over 1,000 other games from Microsoft to install or use on Windows 7. Yikes. Business owners are cringing all over, I can feel it.

Installing Games on Windows 7

It’s actually a pretty easy process to install the games if you have the installation DVD. (I can see I am instructing a million employees everywhere on how to grab their Windows 7 DVD and install the games on their PCs at work.)

After you have inserted the Windows 7 DVD, go to Start, then the Control Panel, and then Programs as shown in figure 11.1.

Figure 11.1

Then choose Turn Windows Features on or off as shown in figure 11.2.

Figure 11.2

Now expand Games and click the box next to Games, which will automatically select all the games to install as shown in figure 11.3.

Figure 11.3

Figure 11.4

In figure 11.4 we see the results of clicking OK and continuing. On my PC it took about 2 minutes to install the new games and that was it. Not too hard to install.

The games no longer show up in Accessories under Programs in the Start Menu as they did in previous versions. They have their own folder as shown in figure 11.5.
Figure 11.5

You see the games in the Start Menu under Games, but there is a Games Explorer as well to see the games in a graphical view as shown in figure 11.6.

Figure 11.6

Let’s take a look at these new games in the next three sections.

Internet Games

Microsoft has made it easy to play games against other opponents of the same skill level on the Internet. Each game includes a chat system as well. But don’t worry about your kids using it. It only allows preconfigured chat messages, and you cannot identify who you are, where you’re from, or any personal information whatsoever. All you can do is play a good game with someone. Let’s take a look at the Internet games that come with Windows 7.

Microsoft has done a good job at teaching you how to play. In fact, every game opens up with an option to learn about how to play the games.

The following information came from Microsoft on the numbers of players, difficulty levels and the number of players.

Internet Backgammon

Backgammon is a two-person board game with a straightforward goal: be the first to move all your pieces around and off the board as shown in figure 11.7.

• Number of players: 2
• Difficulty levels: Beginner, intermediate, expert
• Typical playing time: 10 to 30 minutes

Figure 11.7

Internet Checkers

One of the oldest and most popular games in the world is back and better than ever as shown in figure 11.8.

• Number of players: 2
• Difficulty levels: Beginner, intermediate, expert
• Typical playing time: 10 to 20 minutes

Figure 11.8

Internet Spades

Spades is a popular, fast-paced card game that demands teamwork and strategy. You guess how many "tricks" or rounds you and your partner will win as shown in figure 11.9.

• Number of players: 4
• Difficulty levels: Beginner, intermediate, expert
• Typical playing time: 10 to 30 minutes

Figure 11.9

Board games

There are a few board games included on the Windows 7 DVD. In this section we will take a look at each of them.
Microsoft has done a good job at teaching you how to play. In fact, every game opens up with an option to learn about how to play the games. There is also a nice set of instructions in Windows Help. Just go to the Start menu, Support and Help, and type games.

The following information on the board games came from Microsoft on the description, numbers of players, difficulty levels and the number of players.

Chess Titans

Chess Titans brings the classic strategy game of chess to life with three-dimensional graphics and animations. Highlighted squares show where your pieces can move. Choose a porcelain, marble, or wooden board, and rotate it any way you like. Chess Titans, as shown in figure 10.10, is available in premium editions of Windows 7.

• Number of players: 1 or 2
• Difficulty levels: 1 (beginner) to 10 (expert)
• Typical playing time: 10 to 60 minutes

Figure 10.10

Minesweeper

Minesweeper, as shown in figure 10.11, is a deceptively simple test of memory and reasoning. The goal is to uncover empty squares and avoid hidden mines.

• Number of players: 1
• Difficulty levels: Beginner, intermediate, advanced
• Typical playing time: 1 to 10 minutes

Figure 10.11

Mahjong Titans

Mahjong Titans, as shown in figure 10.12, is a solitaire game played with tiles. Remove matching pairs of tiles from the board. Remove them all and you win! Mahjong Titans is available on premium editions of Windows 7.

• Number of players: 1
• Difficulty levels: Varies by tile layout
• Typical playing time: 10 to 30 minutes

Figure 10.12

Card games

There are a number of card games included on the Windows 7 DVD. In this section we will take a look at each of them.

Microsoft has done a good job at teaching you how to play the card games. In fact, every game opens up with an option to learn about how to play the games. There is also a nice set of instructions in Windows Help. You can see these by going to the Start menu, Support and Help, and typing games.
The following information on the card games (description, number of players, difficulty levels and typical playing time) came from Microsoft.

FreeCell Game

FreeCell, as shown in figure 11.13, is a form of solitaire played with a single deck.

• Number of players: 1
• Difficulty levels: One level
• Typical playing time: 10 to 20 minutes

Figure 11.13

Hearts Game

Hearts, as shown in figure 11.14, is a card game that you play in rounds against three computer opponents.

• Number of players: 1 (against 3 computer opponents)
• Difficulty levels: One level
• Typical playing time: 10 to 20 minutes

Figure 11.14

Solitaire Game

Solitaire, as shown in figure 11.16, is based on the most popular variant of solitaire, Klondike. You can change the look of the cards by going to Game and Change Appearance, as shown in figure 11.15.

• Number of players: 1
• Difficulty levels: One level
• Typical playing time: 1 to 15 minutes

Figure 11.15

Figure 11.15

Spider Solitaire Game

Spider Solitaire, as shown in figure 11.18, is a variant of solitaire that uses two decks' worth of cards instead of one. Just like in Solitaire, you can change the face of the cards, as shown in figure 11.17.

• Number of players: 1
• Difficulty levels: Beginner, intermediate, advanced
• Typical playing time: 1 to 15 minutes

Figure 11.17

Figure 11.18

Children's Games

Purble Place is a three-in-one game which includes Comfy Cakes, Purble Shop, and Purble Pairs. This game teaches children memory, pattern recognition, and reasoning skills.

Microsoft has done a good job at teaching you how to play the games. In fact, every game opens up with an option to learn how to play it. There is also a nice set of instructions in Windows Help. You can see these by going to the Start menu, Support and Help and typing games. The following information on the children’s games (description, number of players, difficulty levels and typical playing time) came from Microsoft.
Below you will see the start screen for Purble Place in figure 11.19. Each building you see in the picture takes you to one of the games.

Figure 11.19

Comfy Cakes

This game, shown in figure 11.20, puts you in Chef Purble's bakery, where you must complete an order for a batch of cakes. The bakery's customers are very picky and the cakes must be made exactly as ordered.

• Number of players: 1
• Difficulty levels: Beginner, intermediate, advanced
• Typical playing time: 1 to 5 minutes

Figure 11.20

Purble Shop

This game, shown in figure 11.21, tests your powers of deduction. The goal is to make your Purble's face match the mystery Purble behind the curtain.

• Number of players: 1
• Difficulty levels: Beginner, intermediate, advanced
• Typical playing time: 1 to 5 minutes

Figure 11.21

Purble Pairs

In this game, shown in figure 11.22, your goal is to find all the matching pairs of pictures before time runs out. It is similar to the game Concentration.

• Number of players: 1
• Difficulty levels: Beginner, intermediate, advanced
• Typical playing time: 1 to 10 minutes

Figure 11.22

More Games!

Microsoft offers a number of games at this URL: http://zone.msn.com/en/root/gamebrowser.htm

This website allows you to download or play up to 1000 different games such as those shown in figure 11.23.

Figure 11.23

Notice in figure 11.24, from the same website, that there are actually over 750 games you can download on to your Windows 7 computer.

Figure 11.24

Chapter 12 - Windows Media Player

Windows Media Player in Windows 7 is new and improved. By default it is already pinned right on your Superbar too, as shown in figure 12.1. It is the highlighted icon with the book and arrow pointing to the right.

Figure 12.1

The features are generally the same as in the previous version except for a much glassier look. Since Windows 7 is focused around security, in this section we will learn about using customization to configure privacy options in Windows Media Player.
Let’s take a quick look at the new Windows Media Player as shown in figure 12.2.

Figure 12.2

Libraries

Notice in the top right hand corner of the screen in figure 12.2 there are three boxes with an arrow. That is a button that will take you instantly to your Libraries. Libraries are a new feature in Windows 7 and have their own icon on the Superbar by default, the icon with a folder, as shown in figure 12.1. Let’s look at this new feature in figure 12.3.

Figure 12.3

This is the new equivalent of Windows Explorer in Windows 7. In figure 12.4, let’s take a more graphical look, as this is the only way I think we can identify all the features of the Library.

Figure 12.4

Windows Media Player Privacy Settings

Internet Explorer and many other programs gather and send data about what we do to people we don’t know and without our knowledge. It almost makes me upset how many programs do this, and not always for marketing purposes either. Now we can do something about it.

To configure privacy settings when setting up WMP11 for the first time, click on the Windows Media Player icon on the Superbar or go to Start, Programs, and Windows Media Player. Then select Custom Settings and click Next as shown in figure 12.5.

Figure 12.5

In figure 12.6 you can adjust the privacy options to your liking. The settings shown in the screenshot are my personal recommendations.

Figure 12.6

Once you have started Windows Media Player, you can adjust the Privacy Settings by right-clicking on the display bar and choosing More Options, then the Privacy tab, as shown in figure 12.7.

Figure 12.7

With these settings your privacy is now protected when viewing and listening to media on the Internet or the local network.

Chapter 13 - Computer Management

The Computer Management console is used primarily by administrators, but it has some pretty nice features and can help you understand what is going on with your Windows 7 computer.
In this section we will look at the following:

• Schedule a task
• Event Viewer
• Local Users and Groups
• Performance Monitor
• Device Manager
• Disk Management

Schedule a task

You must be logged on with an administrator account to perform these steps. If you use a specific program on a regular basis, you can use the Task Scheduler wizard to create a task that opens the program for you automatically. For example, we have a server that needs to be rebooted at a certain time of the week, every Friday. That reboot can now be made an automated task as shown in figure 13.1.

Figure 13.1

To configure a task, click the Action menu, and then click Create Basic Task. Type the name you want to use for the task. You can also enter an optional description, and then click Next.

NOTE: To select a schedule to run Daily, Weekly, Monthly, or One time, click Next; specify the schedule you want to use, and then click Next again.

To schedule a task based on common recurring events, click “When the computer starts” or “When you log on”, and then click Next.

If there are specific events, click “When a specific event is logged”, click Next; specify the event log and other information using the drop-down lists, and then click Next.

To schedule a program to start automatically, simply select Start a program, and then click Next. Then click Browse to find the program you want to start, click Next again, and then click Finish.

Event Viewer

Event Viewer, as shown in figure 13.2, is a viewer that allows you to read log files, which are files that record events on your computer system including errors from programs, operating system errors, configuration errors, and user errors. Whenever these types of events occur, Windows records the event in an event log. The event log helps administrators find detailed explanations of the cause of these issues.
Figure 13.2

Windows Logs classifies system events as an error, warning, or information, depending on the severity of the event.

Event Viewer can also be accessed from Control Panel, System and Security, then Administrative Tools, as shown in figure 13.3.

Figure 13.3

Figure 13.4

Administrative Events. Events are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that isn't necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.

Security-related events. These events are called audits and are described as successful or failed depending on the event, such as whether a user trying to log on to Windows was successful.

Setup events. Computers that are configured as domain controllers will have additional logs displayed here.

System events. System events are logged by Windows and Windows system services, and are classified as error, warning, or information.

Forwarded events. These events are forwarded to this log by other computers.

Figure 13.5

Figure 13.6

Local Users and Groups

Here you can create users that can log in to the computer, or user accounts that can run services. A user group is a collection of user accounts, and a user account can be a member of more than one security, global, or domain group. A user account is often referred to by the user group that it is in, such as the administrator account. You can create custom user groups, move accounts from one group to another, and add or remove accounts from different groups. When you create a custom user group, you can choose which rights to assign.

You can create a user named Admin, but until you add that user to the Administrators group on the local PC, he is a regular user with hardly any rights, as shown in figure 13.6.
Figure 13.7

Performance Monitor

Performance Monitor is found in Windows 7, Windows Server 2008 R2, and Windows Vista. It is a powerful tool to help you visualize your PC’s performance data in real time or from a log file. Performance Monitor allows you to examine the data it collects in a graph, histogram, or report as shown in figure 13.7. You can run Performance Monitor either on the PC or remotely from another PC or server.

ALERT: Your user account must be included in the local Performance Log Users group to complete this procedure.

Figure 13.8

Device Manager

Device Manager, as shown in figure B.5, allows you to view and update the device drivers installed on your computer. You can also check to see if hardware is properly installed or modify the current hardware settings.

Figure 13.9

NOTE: To open Device Manager, click the Start button. In the search box, type Device Manager, and then, in the list of results, click Device Manager.

Disk Management

Disk Management, as shown in figure 13.10, is a utility that manages the system disks, volumes and partitions on the PC. With Disk Management, you can initialize disks, create volumes, and format volumes with the FAT, exFAT, FAT32 or NTFS file systems. You can also extend a disk, reduce a disk, check if a disk is healthy or unhealthy, create partitions, delete partitions, or change a drive letter.

Figure 13.10

Alert: Windows Help does not have detailed information on how to use this feature. This topic is covered in detail in the Windows 7 Professional – The Little Black Book, or you can see: http://windows7forums.com/windows-7-software/2076-disk-manager.html

Shrink Volume

1. Open the Control Panel (All Items view), and click on the Administrative Tools icon. (Close the Control Panel window.)
2. Click on Computer Management in Administrative Tools, then close the Administrative Tools window.
3. In the left pane under Storage, click on Disk Management.
4.
In the middle pane, right click on the partition that you want to shrink and click on Shrink Volume as shown below in figure 13.11.

Figure 13.11

5. The utility will run and display how much space the utility can create as shown below in figure 13.12.

Figure 13.12

6. After you click Shrink, the selected partition will be shrunk and a new empty unallocated space will be created.

Creating A Partition or Volume

1. In Computer Management click Storage, click on Disk Management.

Figure 13.13

2. In the middle pane as shown in figure 13.13, right click on the empty unallocated partition or volume and click on New Simple Volume.
3. Click on the Next button.
4. Next create a Simple Volume. Identify how many MB (1 GB = 1024 MB) you want to use from the unallocated partition to create the new partition, and then click on the Next button.
5. Select an available drive letter that you want the drive to be assigned to.
6. Choose whether to format the drive with FAT or NTFS, enter the volume label name, check the “Perform a quick format” box, and click on the Next button as shown in figure 13.14.

Figure 13.14

Figure 13.15

7. As shown in figure 13.15, all the information you entered is summed up and will create the simple volume when you press Finish.

Extend Volume

If you have too small a partition and have available unallocated space, you can increase the size of a partition. Right-click the partition, select "Extend Volume," and enter the amount of extra space required. Windows 7 may impose limits on the amount of space that can be added.

Delete Volume

If you are certain that you no longer need the contents of a partition or volume, and would like to use it differently, right-click on the partition and select "Delete Volume." Accept the warning by clicking "OK" to delete the partition.

Change Drive Letter

Change a drive letter. Right-click on a partition and select "Change drive letters and paths." The current drive letter will display.
The "Add" button typically allows the partition to be placed inside an existing NTFS folder. Click "Change" to assign a new drive letter. Windows 7 will disallow any changes if the partition is currently used as a system, boot, or pagefile drive.

Administrative Tools

In figure 13.16 you see a list of the tools in Administrative Tools. You can easily find it by going to the Start Bar and typing Administrative Tools in the search area.

Figure 13.15

Let’s look at a description of each tool:

Component Services
Configure and administer Component Object Model (COM) components. Component Services is designed for use by developers and administrators.

Computer Management
Allows you to manage local or remote computers using a single, consolidated desktop tool. Using Computer Management, you can perform many tasks, such as monitoring system events, configuring hard disks, managing system performance, and more.

Data Sources (ODBC)
Use Open Database Connectivity (ODBC) to move data from one type of database (a data source) to another.

Event Viewer
View information about significant events, such as a program starting or stopping, or a security error, which are recorded in event logs.

iSCSI Initiator
Allows you to configure advanced connections between storage devices on a network.

Local Security Policy
Allows you to view and edit Group Policy security settings.

Performance Monitor
Allows you to view advanced system information about the central processing unit (CPU), memory, hard disk, and network performance.

Print Management
Allows you to manage printers and print servers on a network and perform other administrative tasks.

Services
Allows you to manage the different services that run in the background on your computer.

System Configuration
Allows you to identify problems that might be preventing Windows from running correctly. For more information, see Using System Configuration.

Task Scheduler
Allows you to schedule programs or other tasks to run automatically.
For more information, see Schedule a task.

Windows Firewall with Advanced Security
Allows you to configure advanced firewall settings on both this computer and on remote computers in your network. Read more about this feature in Chapter 3.

Windows Memory Diagnostic
Allows you to check your computer's memory to see if it's functioning properly.

Formatting Your Volume

FAT16

The FAT16 file system was introduced way back with MS-DOS in 1981, and it's showing its age. It was designed originally to handle files on a floppy drive, and has had minor modifications over the years so it can handle hard disks, and even file names longer than the original limitation of 8.3 characters, but it's still the lowest common denominator. The biggest advantage of FAT16 is that it is compatible across a wide variety of operating systems, including Windows 95/98/Me, OS/2, Linux, and some versions of UNIX.

The biggest problem of FAT16 is that it has a fixed maximum number of clusters per partition, so as hard disks get bigger and bigger, the size of each cluster has to get larger. In a 2-GB partition, each cluster is 32 kilobytes, meaning that even the smallest file on the partition will take up 32 KB of space. FAT16 also doesn't support compression, encryption, or advanced security using access control lists.

FAT32

The FAT32 file system, originally introduced in Windows 95 Service Pack 2, is really just an extension of the original FAT16 file system that provides for a much larger number of clusters per partition. As such, it greatly improves the overall disk utilization when compared to a FAT16 file system.

NTFS

The NTFS file system, introduced in Windows NT, is a completely different file system from FAT. It provides for greatly increased security, file-by-file compression, quotas, and even encryption.
It is the default file system for new installations of Windows 7, and if you're doing an upgrade from a previous version of Windows, you'll be asked if you want to convert your existing file systems to NTFS.

The NTFS file system is generally not compatible with other operating systems installed on the same computer, nor is it available when you've booted a computer from a floppy disk.

Sidebar: Drawbacks of FAT

If you're running more than one operating system on a single computer, you will definitely need to format some of your volumes as FAT. Any programs or data that need to be accessed by more than one operating system on that computer should be stored on a FAT16 or possibly FAT32 volume. Keep in mind that you have no security for data on a FAT16 or FAT32 volume—anyone with access to the computer can read, change, or even delete any file that is stored on a FAT16 or FAT32 partition. In many cases, this is even possible over a network. So do not store sensitive files on drives or partitions formatted with FAT file systems.

exFAT

Extended file allocation table (exFAT) is a new file system that is better adapted to the growing needs of mobile personal storage. The exFAT file system not only handles large files, such as those used for media storage, it enables seamless interoperability between desktop PCs and devices such as portable media devices so that files can easily be copied between desktop and device.

The exFAT system offers the following advantages:

• Enables the file system to handle growing capacities in media, increasing capacity to 32 GB and larger.
• Handles more than 1000 files in a single directory.
• Speeds up storage allocation processes.
• Removes the previous file size limit of 4 GB.
• Supports interoperability with future desktop OSs.
• Provides an extensible format, including OEM-definable parameters to customize the file system for specific device characteristics.
DirectAccess Overview

DirectAccess is a brand new feature in the Windows 7 and Windows Server® 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. With DirectAccess enabled, requests for corporate resources (such as e-mail servers, shared folders, or intranet Web sites) are securely directed to the corporate network, without requiring users to connect to a virtual private network (VPN). DirectAccess provides increased productivity for a mobile workforce by offering the same connectivity experience both in and outside of the office.

Businesses can also benefit from DirectAccess in many ways with new and improved manageability of remote users. Without DirectAccess, computer professionals at the business could only manage mobile computers when users connect to a VPN or physically enter the office. With DirectAccess they can now manage the mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.

Taking advantage of technologies such as Internet Protocol version 6 (IPv6) and Internet Protocol security (IPsec), DirectAccess provides secure and flexible network infrastructure for enterprises. Let’s look at a list of DirectAccess security and performance capabilities:

• Better authentication: DirectAccess authenticates the computer, enabling the computer to connect to the intranet before the user logs on. It can also authenticate the user and supports two-factor authentication using smart cards.
• Encryption: DirectAccess uses IPsec to provide encryption for communications across the Internet.
• Better access control: Computer support professionals can configure the intranet resources differently for users, allowing individual users or a group of users to use specific applications, servers or even subnets.
• Simplification and Cost Reduction.
DirectAccess separates intranet from Internet traffic, which reduces unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server.

Chapter 14 - IPv4 and IPv6

We will only go into a brief overview of IPv4 and IPv6 in this book. For more detailed information on both protocols visit these links:

IPv4
http://en.wikipedia.org/wiki/IPv4#Address_representations

IPv6
http://www.microsoft.com/downloads/details.aspx?FamilyID=CBC0B8A3-B6A4-4952-BBE6-D976624C257C&displaylang=en

IP Version 4

Although IP stands for Internet Protocol, it's a communications protocol used from the smallest private network to the massive global Internet. An IP address is a unique identifier given to a single device on an IP network. The IP address consists of a 32-bit number that ranges from 0 to 4294967295. This means that theoretically, the Internet can contain approximately 4.3 billion unique objects when using IPv4. But to make such a large address block easier to handle, it was chopped up into four 8-bit numbers, or "octets," separated by a period. Instead of 32 binary base-2 digits, which would be too long to read, it's converted to four base-256 digits. Octets are made up of numbers ranging from 0 to 255. The numbers below show how IP addresses increment.

0.0.0.0
0.0.0.1
...increment 252 hosts...
0.0.0.254
0.0.0.255
0.0.1.0
0.0.1.1
...increment 252 hosts...
0.0.1.254
0.0.1.255
0.0.2.0
0.0.2.1
...increment 4+ billion hosts...
255.255.255.255

The word subnet is short for sub network--a smaller network within a larger one. The smallest subnet that has no more subdivisions within it is considered a single "broadcast domain," which directly correlates to a single LAN (local area network) segment on an Ethernet switch.
Broadcast Domains

The broadcast domain serves an important function because this is where devices on a network communicate directly with each other's MAC addresses, which don't route across multiple subnets, let alone the entire Internet. MAC address communications are limited to a smaller network because they rely on ARP broadcasting to find their way around, and broadcasting can be scaled only so much before the amount of broadcast traffic brings down the entire network with sheer broadcast noise. For this reason, the most common smallest subnet is 8 bits, or precisely a single octet, although it can be smaller or slightly larger.

Subnets

Subnets have a beginning and an ending, and the beginning number is always even and the ending number is always odd. The beginning number is the "Network ID" and the ending number is the "Broadcast ID." You're not allowed to use these numbers because they both have special meaning with special purposes. The Network ID is the official designation for a particular subnet, and the ending number is the broadcast address that every device on a subnet listens to. Anytime you want to refer to a subnet, you point to its Network ID and its subnet mask, which defines its size. Anytime you want to send data to everyone on the subnet (such as a multicast), you send it to the Broadcast ID.

Subnets can be subdivided into smaller subnets and even smaller ones still. The most important thing to know about chopping up a network is that you can't arbitrarily pick the beginning and ending. The chopping must be along clean binary divisions. Let’s take a look at the subnets in figure 14.1.

Figure 14.1

Subnet Mask Role

The subnet mask plays a crucial role in defining the size of a subnet. Take a look at figure 14.1. Notice the pattern and pay special attention to the numbers in red. Whenever you're dealing with subnets, it will come in handy to remember eight special numbers that reoccur when dealing with subnet masks.
They are 255, 254, 252, 248, 240, 224, 192, and 128. You'll see these numbers over and over again in IP networking, and memorizing them will make your life much easier.

Determine Default Subnet Mask: Each of Classes A, B and C has a default subnet mask, which is the subnet mask for the network prior to subnetting. It has a 1 for each network ID bit and a 0 for each host ID bit. For Class C, the subnet mask is 255.255.255.0. In binary, this is:

11111111 11111111 11111111 00000000

Change Left-Most Zeroes To Ones For Subnet Bits: We have decided to use 3 bits for the subnet ID. The subnet mask has to have a 1 for each of the network ID or subnet ID bits. The network ID bits are already 1 from the default subnet mask, so we change the 3 left-most 0 bits in the default subnet mask from a 0 to 1, shown highlighted below. This results in the following custom subnet mask for our network:

11111111 11111111 11111111 11100000

Convert Subnet Mask To Dotted Decimal Notation: We take each of the octets in the subnet mask and convert it to decimal. The result is our custom subnet mask in the form we usually see it: 255.255.255.224.

NOTE: Express Subnet Mask In “Slash Notation”: Alternately, we can express the subnet mask in “slash notation”. This is just a slash followed by the number of ones in the subnet mask. 255.255.255.224 is equivalent to “/27”.

The subnet mask not only determines the size of a subnet, but it can also help you pinpoint where the end points on the subnet are if you're given any IP address within that subnet. The reason it's called a subnet "mask" is that it literally masks out the host bits and leaves only the Network ID that begins the subnet. Once you know the beginning of the subnet and how big it is, you can determine the end of the subnet, which is the Broadcast ID.

To calculate the Network ID, you simply take any IP address within that subnet and run the AND operator on the subnet mask.
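The mask and AND arithmetic described above, as an added Python example (not from the original book): it derives a custom mask from borrowed subnet bits, computes the Network ID and Broadcast ID with AND/OR, and lists the subnets a split along clean binary divisions produces. The helper names and the 192.168.1.0 sample network are assumptions made for the illustration; 10.20.237.15 with mask 255.255.248.0 is the address this chapter works through.

```python
"""Subnet arithmetic from this chapter, done with integer bit operations."""

FULL = 0xFFFFFFFF  # 32 one-bits


def to_int(dotted):
    """Convert dotted-decimal text to a 32-bit integer, checking each octet."""
    parts = dotted.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-decimal IPv4 value: %r" % dotted)
    value = 0
    for part in parts:
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Return the slash-notation length of a mask; reject non-contiguous masks."""
    host_bits = to_int(mask) ^ FULL
    # A valid mask, inverted, is a run of low-order ones, i.e. 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError("mask bits are not contiguous: %r" % mask)
    return 32 - host_bits.bit_length()


def custom_mask(default_mask, subnet_bits):
    """Turn the left-most `subnet_bits` zeros of the default mask into ones."""
    prefix = prefix_length(default_mask) + subnet_bits
    if subnet_bits < 0 or prefix > 32:
        raise ValueError("cannot borrow %d bits from %s" % (subnet_bits, default_mask))
    return to_dotted((FULL << (32 - prefix)) & FULL)


def describe(ip, mask):
    """Network ID, Broadcast ID and usable host range for any address in a subnet."""
    mask_int = to_int(mask)
    prefix = prefix_length(mask)
    network = to_int(ip) & mask_int            # the mask zeroes the host bits
    broadcast = network | (mask_int ^ FULL)    # host bits all set to one
    usable = max(broadcast - network - 1, 0)   # /31 and /32 leave no usable hosts
    return {
        "network_id": to_dotted(network),
        "broadcast_id": to_dotted(broadcast),
        "prefix": prefix,
        "usable_hosts": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
    }


def list_subnets(network, default_mask, subnet_bits):
    """Split a network along clean binary divisions; return (network, broadcast) pairs."""
    mask = custom_mask(default_mask, subnet_bits)
    block = (to_int(mask) ^ FULL) + 1          # addresses per subnet
    base = to_int(network) & to_int(default_mask)
    return [(to_dotted(base + i * block), to_dotted(base + (i + 1) * block - 1))
            for i in range(2 ** subnet_bits)]


if __name__ == "__main__":
    import ipaddress  # standard library, used only to cross-check the manual math

    info = describe("10.20.237.15", "255.255.248.0")
    print(info)
    check = ipaddress.ip_network("10.20.237.15/255.255.248.0", strict=False)
    assert str(check.network_address) == info["network_id"]
    assert str(check.broadcast_address) == info["broadcast_id"]

    print(custom_mask("255.255.255.0", 3))
    # 192.168.1.0 is a constructed sample Class C network, not from the book.
    for start, end in list_subnets("192.168.1.0", "255.255.255.0", 3):
        print(start, "-", end)
```

Every pair returned by `list_subnets` starts on an even last octet and ends on an odd one, which is the Network ID / Broadcast ID pattern the Subnets section describes.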
Let's take an IP address of 10.20.237.15 and a subnet mask of 255.255.248.0.

Using Binary Math

The binary version shows how the 0s act as a mask on the IP address on top. Inside the masking box, the 0s convert all numbers on top into zeros, no matter what the number is. When you take the resultant binary Network ID and convert it to decimal, you get 10.20.232.0 as the Network ID.

Often I see computer support technicians in the field using this slow and cumbersome technique to convert everything to binary and then convert back to decimal using the Windows Calculator. But there's a really simple shortcut using the Windows Calculator, since the operator works directly on decimal numbers. Simply punch in 237, hit the AND operator, and then 248 and [Enter] to instantly get 232. I'll never understand why this isn't explained to students in manuals, because it makes subnet mask calculations a lot easier.

NOTE: Configuring an IPv4 address is covered in Chapter 4.

IP Version 6

A brand new Next Generation TCP/IP stack with enhanced support for Internet Protocol version 6 (IPv6) is included in Windows 7. We will take a look at IPv6 and where to configure the IP address settings. This exam does not cover anything beyond that, so this will be a basic overview.

The need for upgrading from IPv4 to IPv6 is driven by a number of reasons. The exponential growth of the Internet is rapidly exhausting the existing IPv4 public address space. A temporary solution to this problem has been found in Network Address Translation (NAT), which is a technology that maps multiple private (intranet) addresses to a single public (Internet) address.

IPv6 uses a 128-bit address, meaning that we have a maximum of 2^128 addresses available, or:

340,282,366,920,938,463,463,374,607,431,768,211,456

Probably enough to give multiple IP addresses to every person and grain of sand on the planet.
We probably will have enough if we invite several other largely inhabited planets outside our solar system to join us on the World Wide Web.

The IPv6 address space was designed to be hierarchical rather than flat in structure, and routing tables for IPv6 routers will be much smaller and more efficient than those on IPv4 routers. IPv6 also has enhanced support for Quality of Service (QoS) by including a Traffic Class field in the header to specify how traffic should be handled, along with a new Flow Label field in the header that enables routers to identify packets that belong to a particular traffic flow and handle them appropriately.

Anycast

An anycast address is a single address assigned to multiple nodes (computers). A packet sent to an anycast address is then delivered to the first available node. This is a slick way to provide both load-balancing and automated failover. Basically, IPv6 packets with anycast destination addresses are delivered to the nearest interface specified by the address. Currently, anycast addresses are assigned only to routers and can only represent destination addresses.

IPv6 Addressing

Address Dissection

An IPv6 address looks like this:

2001:0db8:3c4d:0015:0000:0000:abcd:ef12

2001:0db8:3c4d | 0015   | abcd:ef12
Global Prefix  | Subnet | Interface ID

Prefix

The prefix identifies it as a global unicast address which has three parts:

• A network identifier
• A subnet
• An interface identifier

The global routing prefix must be assigned to you, either by direct assignment from a Regional Internet Registry like APNIC, ARIN, or RIPE NCC. The subnet and interface IDs are controlled by you, the hardworking local network administrator.

You'll probably be running mixed IPv6/IPv4 networks for some time. IPv6 addresses must total 128 bits. IPv4 addresses are represented like this:

0000:0000:0000:0000:0000:0000:192.168.1.10

Eight blocks of 16 bits each are required in an IPv6 address.
The IPv4 address occupies 32 bits, so that is why there are only seven colon-delimited blocks.

The localhost address is 0000:0000:0000:0000:0000:0000:0000:0001.

Naturally we want shortcuts, because these are long and all those zeroes are just dumb-looking. Leading zeroes can be omitted, and contiguous blocks of zeroes can be omitted entirely as shown below:

2001:0db8:3c4d:0015:0:0:abcd:ef12
2001:0db8:3c4d:0015::abcd:ef12

Lucky for you, this exam doesn’t cover routing, just assigning an IP address to an interface. So let’s take a look at that in the next section.

Configuring an IPv6 Address

1. Go to the Start Bar, Control Panel, Network and Internet, then choose Network Sharing.

Note: You can also right-click your network connection, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

2. Under Your Active Networks, double click on the connection you want to configure as shown in figure 14.2.

Figure 14.2

3. Click the Properties button and answer "yes" to any UAC prompts that you get.
4. Select Internet Protocol Version 6 (TCP/IPv6) and click Properties to open the Internet Protocol Version 6 (TCP/IPv6) Properties sheet as shown in figure 14.3.

Figure 14.3

5. Configure the IPv6 settings for the network connection as shown in figure 14.4. You can also validate the new TCP/IP settings using the Windows Network Diagnostics Troubleshooter.

The settings shown allow the computer to get an address from DHCP. I think that it will be only servers that get static IPs, as IPv6 has some pretty long numbers. For more information see: http://technet.microsoft.com/en-us/library/bb878005.aspx

Chapter 15 - Outlook Express Where Are You?

What happened to Outlook Express? I can feel the steam on some of you already with the answer I am going to give. I will let Microsoft answer it by typing “Outlook Express” in the Help and Support search.
And…Here is the answer you give:

“Outlook Express isn't included in this version of Windows. To use email, you'll need another email program from Microsoft or another company. Another option is to use a web-based email service, which doesn't require you to install a program.”

For more information about programs you can use, go to the Windows website as well as for some options.

Most readers of this book are businesses and they have Microsoft Outlook installed from their Microsoft Office installation. So we will focus on that in this next section.

Configuring Microsoft Outlook for Email

Microsoft Outlook in figure 15.1 is the most commonly used mail client for PCs. This whole section will help you configure the major components of Microsoft Outlook as well as some troubleshooting.

Figure 15.1

I am going to configure email using information from Yahoo! Mail. If you have another mail provider you will need to contact them to get their information.

POP Yahoo! Mail Plus with Microsoft for Outlook 2007

Here we will walk you through a number of options. These instructions are so close for Outlook 97-2007 that you should be able to figure out the differences on your own. First open Outlook as shown in figure 15.2.

Figure 15.2

8. In the Outlook Toolbar, click on Tools.
9. Select E-mail Accounts.
10. In the Email Accounts window, click Add a new e-mail account.
11. Click Next.
12. Select POP3.
13. Click Next.
14. Type your name. (This name will show up to others when they receive your email.)
15. E-mail address should be your Yahoo! Mail address.
16. Type your full email address as your login name (e.g., "example@yahoo.com").
17. Password is your Yahoo! Mail password. (Ensure you are entering the correct password.)
18. Enter Incoming Mail Server (POP3): plus.pop.mail.yahoo.com
19. Enter Outgoing Mail Server (SMTP): plus.smtp.mail.yahoo.com
20. Click More Settings.
21. Click on Outgoing Server tab and check the box next to "My outgoing server (SMTP) requires authentication".
22. Click OK.
23. Click Next.
24. Click Finish.

Configuring Microsoft Outlook ’98-2007

Use the Address Book dialog box to look up e-mail and fax information when you address messages. There can be several types of address books in the Address Book dialog box including the Global Address List, Personal Address Book, and Outlook Address Book. Select these address books in the Show names from the box. Contacts in the Contacts folder that include an entry in the E-mail field or one of the fax phone number fields automatically appear in the Outlook Address Book.

To open the Address Book dialog box, click Tools on the menu bar and then click Address book.

Schedule an appointment as shown in figure 15.3.

1) On the File menu, point to New, and then click Appointment.
2) In the Subject box, type a description.
3) In the Location box, enter the location.
4) Enter start and end times.
5) Select other options you want.
6) Click Save and Close.

Figure 15.3

Schedule a recurring appointment

1) Click Calendar.
2) On the Actions menu, click New Recurring Appointment.
3) Enter start and end times.
4) Click the frequency (Daily, Weekly, Monthly, Yearly) at which the appointment recurs, and then select options for the frequency.
5) Click OK.
6) In the Subject box, type a description.
7) In the Location box, enter the location.
8) Select other options you want. Click Save and Close.

Note: In Calendar, you can also create an appointment by selecting a block of time, right-clicking, and then clicking New Appointment on the shortcut menu.

Schedule a meeting

1) Click Calendar.
2) On the Actions menu, click Plan a meeting.
3) Invite attendees.
4) Determine a meeting time.
5) Click Make Meeting.
6) In the Subject box, type a description.
7) Enter the location in the Location box.
8) Select other options you want.
9) Click Send.

Schedule a recurring meeting

1) Click Calendar.
2) On the Actions menu, click Plan a meeting.
3) Invite attendees.
4) Determine a meeting time.
5) Click Make Meeting.
6) In the Subject box, type a description.
7) Enter the location in the Location box.
8) Select other options you want.
9) On the Actions menu, click Recurrence.
10) Select the recurrence pattern and range of recurrence options you want. Click OK, and then click Send.

Create an event

Events are defined as lasting from midnight to midnight.

1) Click Calendar.
2) On the Actions menu, click New All Day Event.
3) In the Subject box, type a description.
4) In the Location box, enter the location.
5) Select other options you want. To indicate to people viewing your Calendar that you are out of office instead of free, click Out of Office.
6) Click Save and Close.

About archive and AutoArchive

Your Outlook mailbox grows as items are created in the same way that papers pile up on your desk. In the paper-based world, you can occasionally shuffle through your documents and store those that are important but not frequently used. Documents that are less important, such as newspapers and magazines, you can discard based on their age.

You can quickly complete the same process in Outlook. You can manually transfer old items to a storage file by clicking Archive on the File menu, or you can have old items automatically transferred by using AutoArchive. Items are considered old when they reach the age you specify. With AutoArchive, you can either delete or move old items. Outlook can archive all types of items, but it can only locate files that are stored in an e-mail folder, such as a Microsoft Excel spreadsheet or Word document attached to an e-mail message. A file that is not stored in an e-mail folder cannot be archived.

AutoArchive is a two-step process. First, you turn on AutoArchive. On the Tools menu, click Options, click the Other tab, and then click AutoArchive. Second, you set the AutoArchive properties for each folder that you want archived. At the folder level, you can determine which items are archived, and how often they are archived.
You can automatically archive individual folders, groups of folders, or all Outlook folders. The process runs automatically whenever you start Outlook. The AutoArchive properties of each folder are checked by date, and old items are moved to your archive file. Items in the Deleted Items folder are deleted.

Several Outlook folders are set up with AutoArchive turned on. These folders and their default aging periods are Calendar (6 months), Tasks (6 months), Journal (6 months), Sent Items (2 months), and Deleted Items (2 months). Inbox, Notes, Contacts, and Drafts do not have AutoArchive activated automatically.

There is a difference between exporting and archiving. When you archive, the original items are copied to the archive file, and then removed from the current folder. When you export, the original items are copied to the export file, but are not removed from the current folder. In addition, you can only archive one file type, a personal folder file, but you can export many file types.

When you archive, your existing folder structure is maintained in your new archive file. If there is a parent folder above the folder you chose to archive, the parent folder is created in the archive file, but items within the parent folder are not archived. In this way, an identical folder structure exists between the archive file and your mailbox. Folders are left in place after being archived, even if they are empty.

Archive items manually

1) On the File menu, click Archive.
2) To archive all folders, click Archive all folders according to their AutoArchive settings. To archive one folder only, click Archive this folder and all subfolders, and then click the folder that contains the items you want to archive.
3) In the Archive file box, type a file name for the archived items to be transferred to, or click Browse to select from a list.
4) In the Archive items older than box, enter a date. Items dated before this date will be archived.
Set AutoArchive properties for a folder

Turn on AutoArchive

1) On the Tools menu, click Options, and then click the Other tab.
2) Click AutoArchive.
3) To set AutoArchive to turn on when you start Outlook, select the AutoArchive every check box.
4) To specify how often the AutoArchive process will run, enter a number in the days box.
5) To be notified before the items are archived, select the Prompt before AutoArchive check box.
6) In the Default archive file box, type a file name for the archived items to be transferred to, or click Browse to select from a list.

Now that you have turned on AutoArchive, you must set AutoArchive properties for each folder to activate AutoArchive.

Set AutoArchive properties for a folder

1) Right-click the folder you want to AutoArchive, and then click Properties on the shortcut menu.
2) Click the AutoArchive tab.
3) To enable automatic archiving of this folder, select the Clean out items older than check box.
4) To specify when items should be automatically transferred to your archive file, enter a number in the months box.
5) To specify a file for the archived items to be transferred to, click Move old items to.
6) In the Move old items to box, type a file name for the archived items, or click Browse to select from a list.

Note: To activate AutoArchive, you must turn on AutoArchive. On the Tools menu, click Options, click the Other tab, and then click AutoArchive.

Delete old items automatically

1) Right-click the folder that contains the items you want to delete automatically, and then click Properties on the shortcut menu.
2) Click the AutoArchive tab.
3) To enable automatic archiving of this folder, select the Clean out items older than check box.
4) To specify when items should be deleted, enter a number in the months box.
5) To have items automatically deleted, click Permanently delete old items.

Note: To activate AutoArchive, you must turn on AutoArchive before setting individual folder properties.
On the Tools menu, click Options, click the Other tab, and then click AutoArchive. Select the AutoArchive every check box.

Delete expired e-mail messages when archiving

1) On the Tools menu, click Options, and then click the Other tab.
2) Click AutoArchive.
3) To turn on AutoArchive, select the AutoArchive every check box.
4) To specify how often the AutoArchive process will run, enter a number in the days box.
5) To delete rather than archive expired messages, select the Delete expired items when AutoArchiving check box.
6) In the Default archive file box, type a file name for the archived items, or click Browse to select from a list.
7) To activate AutoArchive, you must set AutoArchive properties for each e-mail folder individually.

Add a Personal Address Book to a user profile

1) On the Tools menu, click Services.
2) On the Services tab, click Add.
3) In the Available information services box, click Personal Address Book.
4) Click OK.
5) On the Personal Address Book tab, enter a name for the Personal Address Book in the Name box. In the Path box, enter the path of the Personal Address Book.
6) Click OK twice. Quit and restart Outlook.

Create a personal distribution list

You must have a Personal Address Book set up in your user profile to create a personal distribution list. If you do not have one, follow the steps outlined above.

1) On the Tools menu, click Address Book.
2) Click File from the menu bar, then New Entry.
3) In the “Select the entry type” box, click Personal Distribution List, and then click OK.
4) In the Name box, type a name for the group. Click Add/Remove members.
5) In the “Show names from the” box, select the address book that contains the names you want to add to your personal distribution list. In the “Select from list” box, double-click each name you wish to add. When double-clicked, each name should move into the box on the far right-hand side. When done, click OK twice to get out.
Add a name to a personal distribution list

1) On the Tools menu, click Address Book.
2) In the “Show names from the” box, click Personal Address Book.
3) In the “Select from list” box, double-click the name of the list you wish to add a person to. Click Add/Remove members.
4) In the “Show names from the” box, select the address book that contains the names you want to add to the personal distribution list.
5) In the “Select from list” box, double-click each name you wish to add. When double-clicked, each name should move into the box on the far right-hand side. When done, click OK twice to get out.

Remove a name from a personal distribution list

1) On the Tools menu, click Address Book.
2) In the “Show names from the” box, click Personal Address Book.
3) In the Type name or “Select from list” box, type the name of the personal distribution list to remove a name from. Double-click the name.
4) Click Add/Remove members.
5) In the “Personal distribution list”, select the name to remove. Press DELETE on your keyboard and then click OK.

Delete a personal distribution list

1) On the Tools menu, click Address Book.
2) In the Show names from the box, click Personal Address Book.
3) In the “Select from list” box, double-click the name of the distribution list you wish to delete. Press DELETE on your keyboard. Then click OK.

Create a folder for items

1) On the File menu, point to New, and then click Folder.
2) In the Name box, enter a name for the folder.
3) In the Folder contains box, click the type of items you want the folder to contain.
4) In the Select where to place the folder list, click the location for the folder.

Move a folder

1) On the View menu, click Folder List.
2) Click the folder you want to move.
3) On the File menu, point to Folder, and then click Move Folder name. In the Move the selected folder to the folder list, click the location where you want to move the folder.

Delete a folder

1) On the View menu, click Folder List.
2) Click the folder you want to delete. On the File menu, point to Folder, and then click Delete Folder name.

Give permission to others to access my folders

You can give someone sharing permission to open and read the contents of your folders by selecting the reviewer permission when you share a folder. (For the Outlook Inbox folder, reviewer permission lets the other person delete your mail as well.) In addition, for Outlook, you can give another person sharing permission to schedule appointments and meetings for you in Calendar and to create and modify tasks for you in Tasks, depending on the permission level you specify for the person.

Set sharing permissions for a folder

1) If the Folder List is not visible, click the View menu, click Folder List, and then select the folder you want to share with another person.
2) Right-click the folder to share, and then click Properties on the shortcut menu.
3) Click the Permissions tab. Click Add.
4) In the Type name or select from list box, type or select the name of the person you want to grant sharing permissions to. Click Add, and then click OK.
5) In the Name box, click the name of the person you just added.
6) In the Roles box, click the permissions you want.

Set sharing permissions for a delegate

1) On the Tools menu, click Options, and then click the Delegates tab.
2) Click Add.
3) In the Type name or select from list box, type the name of the delegate you want to set permissions for.
4) Click Add, and then click OK. Select the permissions for each Outlook folder you want the delegate to have access to.

Note: If you want your delegate to be sent copies of your meeting requests and responses, give the delegate editor permission to your Calendar, and then select the Delegate receives copies of meeting-related messages sent to me check box.

Change sharing permissions for a delegate

1) On the Tools menu, click Options, and then click the Delegates tab.
2) In the Delegates box, click the delegate you want to change permissions for. Click Permissions, and then change the permissions for any Outlook folder that the delegate has access to.

Contacts

Use the Contacts folder to store and retrieve all types of information about others such as street addresses, telephone numbers, e-mail addresses, fax phone numbers, and Web page addresses. Contacts in the Contacts folder that include an entry in the E-mail field or one of the fax phone number fields automatically appear in the Outlook Address Book.

Change the way a contact is filed in the contact list

1) Open a contact.
2) In the File as box, type or select the name or company name you want to display the contact under.

Note: Company names that start with articles (for example, "The" or "A") automatically appear under the next word in the name. For example, "The Company" appears as "Company, The."

Import a contact list or a file

1) On the File menu, click Import and Export.
2) Click Import from Schedule+ or another program or file. Follow the instructions in the Import and Export Wizard.

Import a Personal Address Book

1) On the File menu, click Import and Export.
2) Click Import from another program or file.
3) Follow the instructions in the Import and Export Wizard.

Sending email from “Contacts”

1. Open Outlook.
2. Click on your Inbox File on the left.
3. Click on the New Mail Message Icon. (Top left of your toolbar: paper & envelope with a down arrow next to it.)
4. Click the down arrow and choose Mail Message.
5. Click the TO: button in your mail message.
6. In the Show Names From The box, click the down arrow and choose Contacts.
7. From the Type Name list, double-click the name you wish to email (or highlight & click TO:).
8. Click OK.
9. Type and send your message as usual.

Troubleshooting Outlook

Why can't I see my contacts?

Some contacts might be temporarily hidden if the view you use filters out certain details.
To view all contacts in the Contacts folder, click the View menu, point to Current View, and then click Customize Current View. Click Filter, and then click Clear All.

If you look for contacts in a contacts folder you select under Outlook Address Book in the Show names from the box, in the Address Book, only contacts that have an entry in the E-mail field or in a fax phone number field appear in the list.

When you enter a name or address, Outlook tries to separate the name or address into logical parts and then copies each part into a separate field such as First Name, Middle Name, Last Name, or Business Address Street, Business Address City, and so on. If Outlook can't separate the name or address into logical parts, the fields that would contain parts of the name or address remain empty. To fill in empty name fields or address fields, open the contact, and click Full Name or Address.

My contacts don't sort in the order I expect

In most views, contacts are sorted by the contents of the File as field. The File as field can contain a contact name, a company name, or a custom name for the contact. To change the way a contact is filed, open the contact, and enter what you want in the File as box. Or you can sort contacts by another field: close the contact, click the View menu, point to Current View, and then click Customize Current View. Click Sort, and then select the field you want to sort by.

You might have sorted contacts by an entire address instead of by part of the address. For example, if you sort contacts by the Business Address field, Outlook uses the first line of text in the Business Address field to sort the contacts. To see contacts sorted by the city or country of the business address, sort them by the Business Address City or Business Address Country field. On the View menu, point to Current View, and then click Customize Current View. Click Sort, and then click Address fields in the Select available fields from box.
In the Sort items by box, click the field you want to sort by.

You might have sorted contacts by a mixture of business and home addresses. If you sorted by the State or Country field, Outlook uses the mailing address to sort contacts. You might have made the mailing address a business address for some contacts and a home address for others. To change the mailing address, open the contact. In the box next to the address, click Business, Home, or Other and then select the This is the mailing address check box.

When I look up a contact, I get an error message

You might have tried to look up a contact that isn't in your contact list. You can only look up information about contacts that exist in the contact list.

If more than one contact name in the contact list matches the name you want to look up, Outlook opens the first contact in the list that matches the name.

I can't find a contact in the Address Book

The Address Book can contain several address books. The name you want may be in a different address book. In the Address Book window, click another address book in the Show names from the box. To see contacts from the Outlook contact list, click the name of the contacts folder you want under Outlook Address Book, in the Show names from the box.

A contact must have an entry in the E-mail field or a fax phone number field to appear in the Outlook Address Book.

Chapter 16 – NETSH Command

The Netsh commands for wired local area network (LAN) and for wireless local area network (WLAN) provide methods to configure connectivity and security settings. You can use the Netsh lan commands to configure the local computer, or to configure multiple computers by using a logon script. The wired Netsh command line provides easier secure wired deployment.

Netsh LAN Commands for Wired Interface

You can run these commands from the Windows 7 command prompt.

To enter the netsh context for lan

1. Click Start, click Run, type cmd, and then click OK, to open a command prompt.
2. At the command prompt, type netsh and press Enter, then type lan and press Enter.

The following commands are available for the netsh lan syntax:

add - Adds a profile to the specified interface on the computer.
delete - Removes a LAN profile from the specified interface on the computer.
dump - Generates and saves a script that contains the current configuration.
export - Saves LAN profiles as XML files to a specified location.
help - Displays a list of commands.
reconnect - Reconnects to the network using the specified adapter.
set - Sets wired configuration.
show - Displays information.

Let’s take a look at the netsh /? output in figure 16.1.

Figure 16.1

Syntax: CommandName/?
Parameters: There are no parameters associated with this command.
Remarks: Displays a list of commands or parameters.
Example command:
add /?
delete profile /?
Description: The example command, ?, displays the entire list of contexts supported by netsh.

Configuring IPv6 Using Netsh

You can use Netsh to configure the IPv6 settings for a network connection in all the versions of Windows 7. To do this, open a command prompt window from a user account with local administrator rights on the PC or laptop.

To add the unicast IPv6 address of 2001:0db8:3c4d:0015::abcd:ef12 to the interface named Local Area Connection, type the following command:

netsh interface ipv6 add address "Local Area Connection" 2001:0db8:3c4d:0015::abcd:ef12

Add a default route with this address specified as a next-hop address by typing the following command:

netsh interface ipv6 add route ::/0 "Local Area Connection" 2001:0db8:3c4d:0015::abcd:ef12

Assess Yourself – Are You Ready For the Exam?

Note: You can find the answers on page 346.

Question 1
A user wants to install the games included with Windows 7 on his PC. They were not installed by default. Windows components can be added or removed using which of the following in Windows 7?
A. Click the Start Bar, Control Panel, Add/Remove Programs, and click Windows Components.
B. Click the Start Bar, Control Panel, Programs, then click Turn Windows features on or off.
C. Click the Start Bar, Settings, Windows Control Center.
D. Right click the “My Computer” icon, Choose Properties, Choose Computer Management, on the left pane choose Add/Remove Windows Components.
Answer: _______

Question 2
There is an Active Directory domain and a Direct Access infrastructure already configured in your network. Windows 7 is installed on a new laptop and you have joined the computer to the domain. You have to make sure that the computer can establish DirectAccess connections. Which of the following should be performed?
A. Create Network Discovery firewall exception should be enabled.
B. Add the users to the Remote Operators group.
C. Create a VPN connection new network connection should be created.
D. Install a valid computer certificate.
Answer: _______

Question 3
You are installing Windows 7 from the desktop of a Windows XP Professional PC. Which of the following can be performed from the Windows 7 DVD?
A. Run setup.exe from the DVD to start the Windows 7 installation.
B. Use the autorun feature on the DVD to start the installation.
C. Perform a full installation of Windows 7.
D. Perform an upgrade of Windows 7 keeping all the Windows XP settings.
E. All of the above
Answer: _______

Question 4
You use a laptop named Laptop1 which runs Windows 7. There is a Windows 2008 R2 server named Server1 that contains a shared folder named Data. You need to configure Laptop1 to cache and encrypt the files from the Data share so they can be used when Laptop1 is not connected to the network. You want the files in the Data share to automatically synch each time Laptop1 connects to the network. Which action should be performed?
A. On Server1, the files should be encrypted on the Data share. Copy the data to a folder on the Laptop1.
B. Copy the files from the Data share to the Documents library and turn on BitLocker To Go Drive Encryption.
C. You should make the Data share available offline and enable encryption of offline files on Laptop1.
D. BitLocker Drive Encryption should be configured on Server1. You should make Data share available offline on all computers in the network.
Answer: _______

Question 5
Federated Search connectors are installed using what method?
A. Purchase the Federated Search Installation Tool Pack online and buying individual search connectors from websites.
B. Download an .osdx file from a valid source. Double click on the downloaded file and choose Add to install.
C. Go to Microsoft’s website. Only vendors who have signed up with the Microsoft Federated Search Tool Writers Guild can participate.
D. Go to Amazon.com and download the Shared Resource Kit for Federated Searches.
Answer: _______

Question 6
You have two computers named Laptop1 and Computer2. Windows Vista is run on Laptop1. Windows 7 is run on Computer2. You are tasked with migrating all the users' files and profiles from Laptop1 to Computer2. Which command would be used to identify how much space is required to complete the migration?
A. Run Windows Easy Migrate and press test the C: drive on Laptop1.
B. dsmigrate \\Laptop1\store /nocompress /p should be run on Computer2.
C. loadstate \\Laptop1\store /nocompress should be run on Computer2.
D. scanstate c:\store /nocompress /p should be run on Laptop1.
Answer: _______

Question 7
Which of the following is not a volume type usable by Windows 7?
A. FAT
B. FAT32
C. exFAT
D. NTFS
E. All of the above are volume types in Windows 7.
Answer: _______

Question 8
You have a workgroup which contains seven computers running Windows 7 Professional. A computer named Computer1 has MP4 files to share. What should Computer1 do to share the files?
A. Connect a removable drive and enable BitLocker To Go.
B. Create a Homegroup with a shared password.
C. All BranchCache rules should be enabled in Windows Firewall.
D. The files should be moved to a Media Library.
Answer: _______

Question 9
The Aero Shake feature will work if which of the following conditions are met?
A. A display adapter compatible with WDDM is installed.
B. Aero features are downloaded from Microsoft.
C. The Windows Experience Index is at least 2.
D. The Windows Experience Index is 3 or greater.
Answer: _______

Question 10
You are called in to assist a company called MediaWorks because you are experienced at installing, upgrading, migrating and deploying Windows 7. You manage a computer that runs Windows 7. You are tasked to identify which applications were installed during the last week. What Windows component would you use to find this information?
A. Check the Windows System Change Log in the Control Panel.
B. View the events in the Applications Log under Windows Logs in the System and Security component section of the Control Panel.
C. Check Add/Remove Programs Log in the Control Panel, Programs section.
D. Check the Windows System Diagnostics Report under the Performance Monitor MMC.
E. The informational events should be reviewed from Reliability Monitor.
Answer: _______

Question 11
Which of the following steps will keep a Microsoft Word shortcut icon on the Taskbar after the next reboot?
A. Copy and paste a Microsoft Word icon to the Taskbar.
B. Right click on the Microsoft Word icon and choose, “Staple to Superbar”.
C. Drag the Microsoft Word shortcut icon to the Taskbar.
D. Open Microsoft Word. While the Icon is on the Taskbar, right click the icon and choose, “Pin this program to taskbar”.
Answer: _______

Question 12
You have a computer that runs Windows 7. You open the Disk Management in the Computer Management MMC. You need to make sure that you are able to create a new partition on Disk 0 but the space is used. Which of the following would allow you to make another partition on Disk 0, as shown in the figure above?
A. Create a Virtual Hard Disk (VHD) and assign as Disk 0. Change Disk 0 to Disk 3.
B. In order to make sure of this, volume C should be compressed.
C. In order to make sure of this, Disk 0 should be converted into a dynamic disk.
D. Shrink volume C to make space for another volume.
Answer: _______

Question 13
All the games including Titan Chess come with which versions of Windows 7?
A. Windows Home Edition
B. Windows Professional Edition
C. Windows Ultimate Edition
D. Windows Enterprise Edition
Answer: _______

Question 14
There is an Active Directory domain in your network. There are two computers which have already joined the domain named Computer1 and Computer 2 running Windows 7 Professional. From Computer 1, you can recover all Encrypting File System (EFS) encrypted files for users in the domain. You have to make sure that you can recover all EFS encrypted files from Computer 2. What action should you perform?
A. Use the Cipher.exe /wc:\. Then take the certificate and place it on Computer 2 to be able to read the encrypted files.
B. Use AppLocker to create a data recovery certificate on Computer1 and copy the certificate to Computer2.
C. Export the data using the new Windows 7 EFS Recovery tool using the /export syntax on Computer 1 and using the /target syntax for Computer 2.
D. Export the Data Recovery Agent Certificate on Computer 1 to Computer 2.
Answer: _______

Question 15
Which of the following Windows 7 Editions allows you to join an Active Directory domain?
A. Windows Home Edition
B. Windows Professional Edition
C. Windows Ultimate Edition
D. Windows Enterprise Edition
Answer: _______

Question 16
Which of the following is not a minimum requirement to install Windows 7?
A. 1 GHz or faster 32-bit (x86) or a 64-bit (x64) processor
B. 4GB RAM (32-bit)/2 GB RAM (64-bit)
C. 16 GB available disk space (32-bit)/20 GB (64-bit)
D. DirectX 9 graphics processor with WDDM 1.0 or higher driver.
Answer: _______

Question 17
Which of the following is not a rating for games in Windows 7?
A. General Audience (G)
B. Everyone (E)
C. Teen (T)
D. Mature (M)
E. Adults Only (AO)
Answer: _______

Question 18
What tool can be used to verify that device drivers installed on a Windows 7 computer are digitally signed?
A. cipher.exe
B. There is no tool to perform this procedure on all device drivers.
C. Use Device Manager and choose the Digital Verification Tool.
D. Sigverif.exe
Answer: _______

Question 19
In Windows 7 you can control when users such as kids can log in to Windows 7. Which of the following best describes where to configure this option?
A. You cannot choose this feature unless you are connected to a domain.
B. Go to the Start, Control Panel, User Accounts and Family Safety, Setup Parental Controls, and then choose Time Restrictions.
C. Go to Start, Control Panel, User Profiles, and then Time Restriction Settings.
D. Go to the Homegroup settings and choose Offline Time Settings.
Answer: _______

Question 20
How do you change file associations in Windows 7?
A. Open the Control Panel, open Programs, then choose Default Programs and then click Set Associations.
B. Open My Computer, choose Tools, Options, and choose the Associations Tab.
C. Right click on the desktop, choose Manage. In Computer Management choose File Settings in the left pane. In the right pane you can choose the setting to change.
D. Open Computer Configuration and then click Software Settings from the local Group Policy.
Answer: _______

Question 21
Which of the following best describes how the user is alerted with information system and configuration alerts?
A. A popup occurs and the Windows 7 desktop contrast is dimmed. Until you acknowledge the alert the screen will not move.
B. If Aero is installed the shaking alert flag appears in the index bar of every open window.
C. A flag in the taskbar with a red “x” indicates there is a problem needing attention.
D. All of the above
Answer: _______

Question 22
If you have a router in the network you're connected to and the Default Gateway is set to 192.168.1.1 and the subnet mask is 255.255.255.0, which of the following are usable IP addresses on that network?
A. 192.168.1.1
B. 192.168.1.300
C. 192.168.1.30
D. 192.168.2.10
Answer: _______

Question 23
You have a dual boot PC running both Vista and Windows 7 on partitions on the computer. Which file would you edit to force the PC to boot Vista by default?
A. boot.ini
B. ntfsboot.cfg
C. bcdedit.exe
D. system.cfg
Answer: _______

Question 24
To establish a DirectAccess connection to the network, what is the first requirement?
A. Install a certificate
B. Create a VPN connection
C. A static IPv4 address
D. A static IPv6 address
Answer: _______

Question 25
Which of the following is true of Windows 7?
A. MailCentral is included as the new default mail client with Windows 7.
B. Outlook Express is included with Windows 7.
C. Microsoft Outlook is included with Windows 7.
D. There is no preinstalled mail client included with Windows 7.
Answer: _______

Question 26
How do you export the user state and settings to another PC when using a custom application?
A. Use the scanstate tool with the /userprof syntax.
B. The migapp.xml file should be modified. Then scanstate should be run and the /i syntax should be specified.
C. Just copy the profile using the Easy Transfer Wizard.
D. Loadstate.exe should be run and the /config syntax should be used.
Answer: _______

Question 27
To audit the usage of other users on a shared folder on your Windows 7 computer, which of the following actions should be taken?
A. Configure the Audit object access setting in the local Group Policy.
B. Right click on the folder being shared and choose the Audit directory service Access setting.
C. In the Event Viewer, right click on the System Log. Choose Properties and select all the options for logging including folder access.
D. Modify the properties of the Security log from the Event Viewer.
Answer: _______

Question 28
You are in charge of a computer that runs Windows 7. You find that an application named Google Desktop runs during the startup process. You have to prevent only Google Desktop from running during the startup process. Users must be allowed to run Google Desktop manually, however. What is the proper way to configure this without using third-party tools?
A. The msconfig.exe tool should be modified.
B. The application control policy should be modified from the local Group Policy.
C. The software boot policy should be modified from the local Group Policy.
D. The Startup applications in the System Configuration tool should be modified.
Answer: _______

Question 29
You have a Virtual Hard Disk (VHD) with Windows 7 installed and a computer running Windows 7 Ultimate. Which procedure of the following would allow you to boot the Windows 7 PC from the VHD?
A. Run bcdedit.exe and modify the Windows Boot Manager.
B. Select vdisk should be run from Diskpart.exe.
C. Modify the BIOS to boot from an ISO.
D. Press F12 at startup and wait for the option to press any key to start from a VHD.
Answer: _______

Question 30
You use Windows Preinstallation Environment (Windows PE) to start a computer. Which Windows PE utility would you use to dynamically load a network adapter device driver?
A. bcedit.exe
B. winrm.exe
C. drvload.exe
D. cipher.exe
Answer: _______

Question 31
Which of the following is used to control when the security pop-up notifications are used?
A. Security Control Manager
B. User Account Control
C. User Access Control Panel
D. Notification Control Settings Manager
Answer: _______

Question 32
Which of the following is not a Windows PE tool?
A. Diskpart
B. Drvload
C. Oscdimg
D. Winpeshl
E. None of the above.
Answer: _______

Question 33
A Windows 7 laptop connects to a wireless network connection at your office. On the wireless access point, you disable Service Set Identifier (SSID) broadcasts. Suddenly, you discover that the laptop is unable to connect to the wireless access point. Which of the following should be modified to allow the laptop to connect to the wireless network?
A. The Windows credentials should be modified from Credential Manager.
B. The wireless network connection setting should be modified from Network and Sharing Center.
C. The generic credentials should be modified from Credential Manager.
D. Network discovery should be turned on from Network and Sharing Center.
Answer: _______

Question 34
Which of the following can be used to increase the physical memory on your Windows 7 PC and increase the speed?
A. PhysiRAM
B. Aero Glass
C. DirectAccess
D. ReadyBoost
Answer: _______

Question 35
A USB external drive is attached to a Windows 7 Professional computer. You want to enable BitLocker To Go on the USB disk. Which of the following must be done?
A. In order to make sure of this, obtain a client certificate from an enterprise certification authority (CA).
B. You must install the Encrypting File System (EFS) from the Add/Remove Windows Components.
C. In order to make sure of this, the computer should be upgraded to Windows 7 Ultimate or Windows 7 Enterprise.
D. You need to download BitLocker To Go from Microsoft’s website.
Answer: _______

Question 36
Which of the following Windows 7 utilities was used to create the output in the above figure?
A. MemManager.exe
B. SysPrep.exe
C. Cipher.exe.
D. Performance Monitor
Answer: _______

Question 37
You need to configure a Windows Ultimate PC to download updates from a local Windows Server Update Services (WSUS) server. What action should you perform to achieve this?
A. In order to achieve this, the System Protection settings should be modified from the System settings.
B. In order to achieve this, the Windows Update settings should be modified from the local Group Policy.
C. In order to achieve this, the Windows Update settings should be modified from Windows Update.
D. In order to achieve this, the Location and Sensors settings should be modified from the local Group Policy.
Answer: _______

Question 38
What is the easiest way to identify a dynamic IPv6 address on a Windows 7 PC?
A. Click Properties from network connection properties.
B. Click Details from the network connection status.
C. netconfig
D. netstat
Answer: _______

Question 39
If you plan to use an automated install of Windows 7, what file is required to create an automated installation of Windows 7?
A. An answer file named sysprep.inf.
B. An answer file named autounattend.xml.
C. An answer file named oobe.ini.
D. An answer file named unattended.ini.
Answer: _______

Question 40
What action would you perform to prevent Internet Explorer from saving any data during a browsing session?
A. The security settings for the Internet zone should be disabled.
B. The BranchCache service should be disabled.
C. The InPrivate Blocking list should be disabled.
D. Open an InPrivate Browsing session in IE.
Answer: _______

Question 41
You have a wireless access point that is configured to use Advanced Encryption Standard (AES) security. If a pre-shared key is not configured on the wireless access point, which security setting should you select for the wireless connection to work?
A. You should select WPA2-Personal for the wireless connection.
B. You should select 802.1x for the wireless connection.
C. You should select WPA2-Enterprise for the wireless connection.
D. You should select WPA-Personal for the wireless connection.
Answer: _______

Question 42
You are in charge of two computers that are running Windows 7 called Computer1 and Computer2. What action should you perform to make sure you can remotely execute commands on Computer2 from Computer1?
A. You should enable Windows Remote Management (WinRM) in the Control Panel on both computers.
B. winrm quickconfig should be run on Computer1.
C. You should enable Windows Remote Management (WinRM) from the Windows 2008 R2 server in the network.
D. winrm quickconfig should be run on Computer2.
Answer: _______

Question 43
Which of the following will cause the Online Compatibility Check to fail during a Windows 7 installation?
A. 512MB of RAM
B. A display adapter with WDDM Support
C. A display adapter without WDDM Support but with SVIDEO
D. An 80 GB Hard Disk
Answer: _______

Question 44
An answer file named answer.xml is created by you to allow for deployment of an image you made. To make sure that the installation applies the answer file after you deploy the image, which of the following commands should you use before the capture of the image?
A. imagex.exe /mount answer.xml /verify
B. imagex.exe /append answer.xml /check
C. sysprep.exe /generalize /oobe /unattend:answer.xml
D. sysprep.exe /reboot /audit /unattend:answer.xml
Answer: _______

Question 45
You manage a computer that runs Windows 7. Good thing you imaged your PC after you installed Windows 7, because a virus has infected your PC. Which of the following procedures will allow you to restore your PC?
A. The computer should be started from Windows Preinstallation Environment (Windows PE) and then ImageLoader.exe should be run.
B. Use the Last Known Good Configuration feature to start the computer.
C. Boot the computer from the Windows 7 DVD and then the Startup Repair tools. Choose system repair using an image.
D. Boot the computer from the Windows 7 DVD and then choose the System Image Recovery tool.
Answer: _______

Question 46
All computers are members of an Active Directory domain. Your network contains an internal Web site that uses Integrated Windows Authentication. From a computer that runs Windows 7, you try to connect to the Web site and are prompted for authentication. You verify that your user account has permission to access the Web site. You have to ensure that you are automatically authenticated when you connect to the Web site. What action should you perform?
A. The URL of the Web site should be added to the Local intranet zone.
B. The URL of the Web site should be added to the Trusted sites zone.
C. A complex password for your user account should be created.
D. Open Credential Manager and modify your credentials.
Answer: _______

Question 47
Using as little administrative effort as possible, how do you prevent anyone who is a member of Group2 from running the Windows Media Player?
A. A hash rule should be created from Software Restriction Policies.
B. A path rule should be created from Software Restriction Policies.
C. The default rules should be created from Application Control Policies.
D. An executable rule should be created from Application Control Policies.
Answer: _______

Question 48
There are multiple users that log on to a Windows 7 Professional computer. You need to deny one user access to removable devices on the computer. All other users must have access to the removable drives. What action should you perform?
A. The settings of all removable devices should be modified from Device Manager.
B. An application control policy should be modified from the local Group Policy.
C. A removable storage access policy should be modified from the local Group Policy.
D. The BitLocker Drive Encryption settings should be modified from Control Panel.
Answer: _______

Question 49
You use a computer that runs Windows 7 Ultimate. You are asked to prevent users from copying unencrypted files to removable drives. What action should you perform?
A. The Trusted Platform System (TPS) settings should be modified from a local Group Policy.
B. TPS should be initialized from the Trusted Platform Settings (TPM) snap-in.
C. The BitLocker Drive Encryption settings should be modified from Control Panel.
D. The BitLocker Drive Encryption settings should be modified from a local Group Policy.
Answer: _______

Question 50
There is a head office and a branch office in your company network. The branch office has computers that run Windows 7 Professional. A network administrator enables BranchCache in the head office. You have to make sure that other computers in the branch office can access the cached content on your computer. So what action should be performed?
A. The Windows Firewall, Advanced Security rules should be modified.
B. Turn on Internet Information Services (IIS).
C. The computer should be configured as a hosted cache client.
D. The BranchCache service should be configured to start automatically on a Windows 2003 server.
Answer: _______

Assess Yourself Answers - Pretest

 1. B          26. B
 2. D          27. A
 3. A,B,C      28. D
 4. C          29. A
 5. B          30. C
 6. D          31. B
 7. E          32. E
 8. B,D        33. D
 9. A,D        34. D
10. B,E        35. C
11. D          36. C
12. D          37. B
13. C,D        38. B
14. C          39. B
15. B,C,D      40. D
16. B
17. A
18. D
19. B
20. A
21. C
22. C
23. C
24. D
25. D

Assess Yourself Answers - Are you Ready for the Exam?

 1. B          26. B
 2. D          27. A
 3. A,B,C      28. D
 4. C          29. A
 5. B          30. C
 6. D          31. B
 7. E          32. E
 8. B,D        33. D
 9. A,D        34. D
10. B,E        35. C
11. D          36. C
12. D          37. B
13. C,D        38. B
14. C          39. B
15. B,C,D      40. D
16. B          41. D
17. A          42. D
18. D          43. A,C
19. B          44. C
20. A          45. D
21. C          46. A
22. C          47. D
23. C          48. B
24. D          49. D
25. D          50. A

Glossary

10BaseT
The IEEE 802.3 standard for running Ethernet at 10Mbps over shielded or unshielded twisted-pair wiring. The maximum length for a 10BaseT segment is 100 meters, or 328 feet.

100BaseT
The IEEE 802.3u standard, which is also known as Fast Ethernet, for running Ethernet at 100Mbps over a shielded or unshielded twisted-pair cable.

802.10
Used within FDDI backbones. This is a Cisco mechanism used to implement VLANs. Originally developed by the IEEE as a standard to implement FDDI into metropolitan area networks (MANs).

access lists
A security feature used with the Cisco IOS to filter traffic types as part of data routing. Access lists are also used to filter traffic between different VLAN numbers.

address
A set of numbers, usually expressed in binary format, used to identify and locate a resource or device on a network.

Address Resolution Protocol (ARP)
The protocol used to map the IP address to the MAC address.

administrator
A person responsible for the control and security of the user accounts, resources, and data flow on the network.

American National Standards Institute (ANSI)
The organization that publishes standards for communications, programming languages, and networking.

AppLocker
Specifies what software is allowed to run on a user's PCs through centrally managed but flexible Group Policies. Available only in Windows 7 Ultimate and Enterprise editions.

application layer
The layer of the OSI model that provides support for end users and for application programs using network resources.

Asymmetric Digital Subscriber Line (ADSL)
A service that transmits digital voice and data over existing (analog) phone lines.

attenuation
The loss of signal that is experienced as data is transmitted across network media.

AVI
Acronym for Audio Video Interleaved. A Windows multimedia file format for sound and moving pictures that uses the Microsoft RIFF (Resource Interchange File Format) specification.

backbone
A high-capacity infrastructure system that provides optimal transport on a LAN. Typically in a LAN, the data running from router to router, switch to switch, or switch to router is transported through a faster physical topology than the rest of the local area or virtual LAN devices. The physical cable is called the backbone.

bandwidth
The rated throughput capacity of a given network protocol or medium.

base bandwidth
The difference between the lowest and highest frequencies available for network signals. The term is also used to describe the rated throughput capacity of a given network protocol or medium.

binary
A Base 2 numbering system used in digital signaling, characterized by 1s and 0s.

binding
The process of associating a protocol and a network interface card (NIC).

bit
An electronic digit used in the binary numbering system.

BitLocker and BitLocker To Go
Helps protect data on PCs and removable drives, with manageability to enforce encryption and backup of recovery keys. Available only in Windows 7 Ultimate and Enterprise editions.

blackout
A total loss of electrical power.

bridge
A device that connects and passes packets between two network segments that use the same communications protocol. Bridges operate at the data link layer of the OSI Reference Model. A bridge filters, forwards, or floods an incoming frame based on the MAC address of that frame.

broadband
A communications strategy that uses analog signaling over multiple communications channels.

broadcast
A packet delivery system in which a copy of a packet is given to all hosts attached to the network.

broadcast domain
In a non-switched network, a broadcast domain is all the devices that can receive a broadcast from one machine in the network sent on the physical wire. A segment not separated by a Layer 3 device or Layer 2 device that can filter broadcasts is the broadcast domain. On a switched network using VLANs, your broadcast domain is all the ports or collision domains that belong to the same VLAN.

broadcast storm
Occurs when broadcasts throughout the LAN become so numerous that they use up all the available bandwidth on a LAN, thus grinding the network to a halt.

Browsing
Browsing means looking through a computer system to locate files, folders, applications, or printers.

brownout
A short-term decrease in the voltage level, usually caused by the startup demands of other electrical devices.

byte
A set of bits (usually 8) operating as a unit to signify a character.

cable modem
A modem that provides Internet access over cable television lines.

change control
A process in which a detailed record of every change made to the network is documented.

channel
A communications path used for data transmission.

Channel Service Unit (CSU)
A network communications device used to connect to the digital equipment lines of the common carrier, usually over a dedicated line or Frame Relay. Used in conjunction with a Data Service Unit (DSU).

Class A network
A TCP/IP network that uses addresses starting between 1 and 126 and supports up to 126 subnets with 16,777,214 unique hosts each.

Class B network
A TCP/IP network that uses addresses starting between 128 and 191 and supports up to 16,384 subnets with 65,534 unique hosts each.

Class C network
A TCP/IP network that uses addresses starting between 192 and 254 and supports up to 2,097,152 subnets with 254 unique hosts each.

Clear Header
A field (part of the 802.10 header) that copies the encrypted Protected Header for security purposes to help guarantee against tampering with the frame. Also known as the Secure Data Exchange (SDE) Protocol Data Unit.

client
A node that requests a service from another node on a network.

client/server networking
Networking architecture utilizing front-end demand nodes that request and process data stored by the back end or resource node.

collision
The result of two frames transmitting simultaneously in an Ethernet network and colliding, thereby destroying both frames.

collision domain
All the interfaces on a single segment that can send data on the same physical wire. In a hub, all the interfaces connected to all the hub ports are in their own collision domain. In the case of a switch, all the nodes connected to each individual port are in their own collision domain.

common carrier
Supplier of communications utilities, such as phone lines, to the general public.

communication
The transfer of information between nodes on a network.

connectionless-oriented communication
Packet transfer in which the delivery is not guaranteed.

connection-oriented communication
Packet transfer in which the delivery is guaranteed.

connectivity
The linking of nodes on a network in order for communication to take place.

Copper Distributed Data Interface (CDDI)
The implementation of the FDDI standard using electrical cable rather than optical cable.

core block
End point for networks; requires fast access and no policy implementation.

BranchCache
Decreases the time branch office users spend waiting to download files across the network. Available only in Windows 7 Ultimate and Enterprise editions.

crosstalk
Electronic interference caused when two wires get too close to each other.

Cyclical Redundancy Check (CRC)
A method used to check for errors in packets that have been transferred across a network. A computation bit is added to the packet and recalculated at the destination to determine if the entire packet contents have been transferred correctly.

data field
In a frame, the field or section that contains the data.

data link layer
This is Layer 2 of the OSI Reference Model. The data link layer is above the physical layer. Data comes off the cable, through the physical layer, and into the data link layer.

Data Service Unit (DSU)
Formats and controls data for transmission over digital lines. Used in conjunction with a Channel Service Unit (CSU).

dedicated line
Generally used in WANs to provide a constant connection between two points.

default gateway
Normally a router or a multihomed computer to which packets are sent when they are destined for a host that's not on their segment of the network.

demand node
Any end user or interface that requests and accesses network resources such as servers or printers.

destination address
The network address where the frame is being sent. In a packet, this address is encapsulated in a field of the packet so all nodes know where the frame is being sent.

dialed number identification service
The method for delivery of automatic number identification using out-of-band signaling.

dial-up networking
The connection of a remote node to a network using POTS or PSTN.

Digital Subscriber Line (DSL)
A public network technology that delivers high bandwidth over conventional copper wiring at limited distances.

DirectAccess
Gives mobile users seamless access to corporate networks without a need to VPN.

domain
A logical grouping of interfaces in a network or intranet to identify a controlled network of nodes that are grouped as an administrative unit.

dual-homed
An FDDI end station attached to two DACs for redundancy.

dumb terminal
An end-user station that can access another computer or switch but cannot provide any processing at the local level.

Dynamic Host Configuration Protocol (DHCP)
A protocol that provides an IP address to requesting demand nodes on the network.

Dynamic ISL
A protocol that performs trunking negotiation. It also verifies that two connected ports can become trunk links. A Dynamic ISL port can be configured in one of four modes: On, Off, Desirable, or Auto.

dynamic window
A mechanism that prevents the sender of data from overwhelming the receiver. The amount of data that can be buffered in a dynamic window can vary.

electromagnetic interference (EMI)
External interference from electromagnetic signals that causes reduction of data integrity and increased error rates in a transmission medium.

Electronics Industries Association (EIA)
A group that specifies electrical transmission standards.

Emulated LAN (ELAN)
A feature used by ATM LANE to perform the basic functionality of a VLAN in Token Ring or Ethernet environments. ELANs, like VLANs, require a route processor such as a router to route frames between ELANs.

encapsulation
The technique used by layered protocols in which a layer adds header information to the Protocol Data Unit (PDU) from the layer above.

encryption
The modification of data for security purposes prior to transmission so that it is not comprehensible without the decoding method.

Enterprise Services
Services that involve crossing the backbone to achieve access. These services are typically located on a separate subnet from the rest of the network devices.

EtherChannel
A connection used on the Catalyst 3000 family or Kalpana switches. It allows as many as seven Ethernet links to be bundled and load-balanced frame by frame to provide up to 140Mbps of bandwidth. It can utilize half-duplex or full-duplex links.

Fast EtherChannel
A connection used on the Catalyst 5000 family of switches. It allows as many as seven Ethernet links to be bundled and load-balanced frame by frame to provide up to 800Mbps of bandwidth. It can utilize half-duplex or full-duplex links.

Fast Ethernet
IEEE 802.3 specification for data transfers of up to 100Mbps.

fault tolerance
A theoretical concept defined as a resistance to failure. It is not an absolute and can be defined only in degrees.

Federated Search
Finds information in remote repositories, including SharePoint sites, with a simple user interface.

fiber-optic cable
Also known as fiber optics or optical fiber. A physical medium capable of conducting modulated light transmissions. Compared with other transmission media, fiber-optic cable is more expensive, but is not susceptible to electromagnetic interference and is capable of higher data rates.

File Transfer Protocol (FTP)
The set of standards or protocols that allows you to transfer complete files between different computer hosts.

firewall
A security system intended to protect an organization's network against external threats, such as hackers, coming from another network, such as the Internet. Usually a combination of hardware and software, a firewall prevents computers in the organization's network from communicating directly with computers external to the network and vice versa.

flash memory
A type of memory that keeps its contents (usually the operating system) when the power is cycled.

flow control
A method used to control the amount of data that is transmitted within a given period of time. There are different types of flow control. See also dynamic window and static window.

frame
Grouping of information transmitted as a unit across the network at the data link layer.

Frame Check Sequence field
This field performs a cyclic redundancy check (CRC) to ensure that all of the frame's data arrives intact.

Frame Length field
In a data frame, the field that specifies the length of a frame. The maximum length for an 802.3 frame is 1,518 bytes.

Frame Type field
In a data frame, the field that names the protocol that is being sent in the frame.

full backup
A backup method in which every file on the hard drive is copied.

full duplex
Transmission method in which the sending and receiving (Rx and Tx) channels are separate; therefore, collisions cannot occur. Data is transmitted in two directions simultaneously on separate physical wires.

gateway
A hardware and software solution that enables communication between two dissimilar networking systems or protocols. Gateways usually operate at the upper layers of the OSI protocol stack, above the transport layer.

gigabit (Gb)
One billion bits or one thousand megabits.

Gigabit Ethernet
IEEE specification for transfer rates up to one gigabit per second.

guaranteed flow control
A method of flow control in which the sending and receiving hosts agree upon a rate of data transmission. After they agree on a rate, the communication will take place at the guaranteed rate until the sender is finished. No buffering takes place at the receiver.

half duplex
A circuit designed for data transmission in both directions, but not simultaneously.

head-of-line blocking
Situation in which congestion on an outbound port limits throughput to uncongested ports. It is completely different from oversubscription. Physical data from another source device blocks the data of the sending device.

host
Any system on a network. In the Unix world, any device that is assigned an IP address.

host ID
A unique identifier for a client or resource on a network.

hostname
The NetBIOS name of the computer or node, given to the first element of the Internet domain name. It must be unique on your network.

hub
Also known as a concentrator or multiport repeater. A hardware device that connects multiple independent nodes.

Hypertext Transfer Protocol (HTTP)
A protocol used by Web browsers to transfer pages and files from the remote node to your computer.

IEEE
See Institute of Electrical and Electronics Engineers.

IEEE 802.1
Standard that defines the OSI model's physical and data link layers. This standard allows two IEEE LAN stations to communicate over a LAN or wide area network (WAN) and is often referred to as the internetworking standard. It also includes the Spanning Tree Algorithm specifications.

IEEE 802.2
Standard that defines the LLC sublayer for the entire series of protocols covered by the 802.x standards. This standard specifies the adding of header fields, which tell the receiving host which upper layer sent the information. It also defines specifications for the implementation of the Logical Link Control (LLC) sublayer of the data link layer.

IEEE 802.3
Standard that specifies physical-layer attributes--such as signaling types, data rates, and topologies--and the media-access method used. It also defines specifications for the implementation of the physical layer and the MAC sublayer of the data link layer, using CSMA/CD. This standard also includes the original specifications for Fast Ethernet.
IEEE 802.4 358 Standard that defines how production machines should communicate and establishes a common protocol for use in connecting these machines. It also defines specifications for the implementation of the physical layer and the MAC sublayer of the data link layer using Token Ring access over a bus topology. IEEE 802.5 Standard often used to define Token Ring. However, it does not specify a particular topology or transmission medium. It provides specifications for the implementation of the physical layer and the MAC sublayer of the data link layer using a token-passing media-access method over a ring topology. IEEE 802.6 Standard that defines the distributed queue dual bus (DQDB) technology to transfer high-speed data between nodes. It provides specifications for the implementation of metropolitan area networks (MANs). IEEE 802.7 Standard that defines the design, installation, and testing of broadband-based communications and related physical media connectivity. IEEE 802.8 Standard that defines a group of people who advise the other 802-standard committees on various fiber-optic technologies and standards. This advisory group is called the Fiber Optic Technical Advisory Group. IEEE 802.9 Standard that defines the integration of voice and data transmissions using isochronous Ethernet (IsoEnet). IEEE 802.10 Another Cisco proprietary protocol, used primarily to transport VLAN information over Fiber Distributed Data Interface (FDDI). You will find this protocol primarily used in FDDI backbones to transport VLAN information and data. IEEE 802.11 Standard that defines the implementation of wireless technologies, such as infrared and spread-spectrum radio. 359 IEEE 802.12 Standard that defines 100BaseVG/AnyLAN, which uses a 1000Mbps signaling rate and a special media-access method allowing 100Mbps data traffic over voice-grade cable. IEEE 802.13 The IEEE 802.1Q standard protocol for inserting a frame tag VLAN identifier in the frame header. 
As a frame enters the switch fabric, it is tagged with additional information regarding the VLAN properties. The tag remains in the frame as it is forwarded between switches and is removed prior to exiting the access link to the destination interface. This process is completely transparent to the end user. input/output (I/O) Any operation in which data either enters a node or is sent out of a node. 360 Institute of Electrical and Electronics Engineers (IEEE) A professional organization that develops standards for networking and communications. interface A device, such as a card or a plug, that connects pieces of hardware with the computer so that information can be moved from place to place (for example, between computers and printers, hard disks, and other devices, or between two or more nodes on a network). internal loopback address Used for testing with TCP/IP. This address--127.0.0.1--allows a test packet to reflect back into the sending adapter to determine if it is functioning properly. International Standards Organization (ISO) A voluntary organization founded in 1946, responsible for creating international standards in many areas, including communications and computers. Internet Assigned Numbers Authority (IANA) The organization responsible for Internet protocol addresses, domain names, and protocol parameters. Internet Control Message Protocol (ICMP) Network-layer Internet protocol, documented in RFC 792, that reports errors and provides other information relevant to IP packet processing. Internet Engineering Task Force (IETF) A group of research volunteers responsible for specifying the protocols used on the Internet and for specifying the architecture of the Internet. Internet Group Management Protocol (IGMP) Protocol responsible for managing and reporting IP multicast group memberships. Internet layer In the TCP/IP architectural model, this layer is responsible for the addressing, packaging, and routing functions. 
Protocols operating at this layer of the model are responsible for encapsulating packets into Internet datagrams. All necessary routing algorithms are run here.

Internet Network Information Center (InterNIC)
The group that provides Internet services, such as domain registration and information and directory and database services.

Internet Protocol (IP)
Network-layer protocol, documented in RFC 791, that offers a connectionless internetwork service. IP provides features for addressing, packet fragmentation and reassembly, type-of-service specification, and security.

Internet Research Task Force (IRTF)
The research arm of the Internet Architecture Board. This group performs research in areas of Internet protocols, applications, architecture, and technology.

IPSec
A protocol designed for virtual private networks (VPNs). Used to provide strong security standards for encryption and authentication.

kilobit (Kb)
One thousand bits.

kilobyte (K)
One thousand bytes.

latency
The time used to forward a packet in and out of a device. Commonly used in reference to routing and switching.

Layer 2 Tunneling Protocol (L2TP)
A dial-up VPN protocol that defines its own tunneling protocol and works with the advanced security methods of IPSec. L2TP allows PPP sessions to be tunneled across an arbitrary medium to a home gateway at an ISP or corporation.

Line Module Communication Processor (LCP)
The Line Module Communication Processor (LCP) is located on each line module. It is the responsibility of the LCP to provide communications for the MCP located on the Supervisor Engine.

local area network (LAN)
A group of connected computers that are located in a geographic area, usually a building or campus, and that share data and services.

local broadcast
A broadcast on the local network, looking for the IP address of the destination host.

local services
Services where the device supplying the services resides on the same subnet as the device requesting the services.

local VLAN
Beneficial for networks whose resources are centralized and in one geographical location. The VLAN can span one switch or many switches within the same floor or building.

logical addressing scheme
The addressing method used in providing manually assigned node addressing.

Logical Link Control (LLC)
Sublayer of the data link layer of the OSI Reference Model. Provides an interface for the network-layer protocols and the Media Access Control (MAC) sublayer; also part of the data link layer.

loop
A continuous circle that a packet takes through a series of nodes in a network until it eventually times out. Without a protocol such as STP to detect loops, if no life cycle is assigned to the packet, the data could continuously encircle the network.

loopback plug
A device used for loopback testing.

loopback testing
A troubleshooting method in which the output and input wires are crossed or shorted in a manner that allows all outgoing data to be routed back into the card.

Media Access Control (MAC) address
A six-octet number that uniquely identifies a host on a network. It is a unique number that is burned into the network interface card, so it cannot be changed.

Media Access Unit (MAU)
IEEE 802.3 specification referring to a transceiver. Not to be confused with a Token Ring MAU (Multistation Access Unit), which is sometimes abbreviated MSAU.

megabit (Mb or Mbit)
One million bits. Term used to rate transmission transfer speeds (not to be confused with megabyte).

megabyte (MB)
One million bytes. Usually refers to file size.

message
A portion of information that is sent from one node to another. Messages are created at the upper layers of the OSI Reference Model.

microwaves
Very short radio waves used to transmit data over 890MHz (megahertz).

modem
A device used to modulate and demodulate the signals that pass through it.
It converts the direct current pulses of the serial digital code from the controller into the analog signal that is compatible with the telephone network.

multicast
A single packet transmission from one sender to a specific group of destination nodes.

multilayer switches
A combination of Layer 2, 3, and 4 switches that use the concept of route once, switch many.

multiprocessor
Support for multiple processors in a single machine.

network down
Situation in which the clients are unable to utilize the services of the network. This can be administrative, scheduled downtime for upgrades or maintenance, or it can be the result of a serious error.

network ID
The part of the TCP/IP address that specifies the network portion of the IP address. It is determined by the class of the address, which is determined by the subnet mask used.

network interface card (NIC)
Also known as a network adapter. The hardware component that serves as the interface, or connecting component, between your network and the node. It has a transceiver, a MAC address, and a physical connector for the network cable.

network interface layer
The bottom layer of the TCP/IP architectural model. Responsible for sending and receiving frames.

Network Time Protocol (NTP)
A protocol that allows all network equipment to synchronize the date and time on the private or internetwork environment.

Network to Network Interface (NNI)
An interface that provides connectivity between two ATM switches.

non-blocking
A condition in which the fabric contains more bandwidth than the sum total of all the ports' bandwidth combined.

Non-Volatile RAM (NVRAM)
Static memory similar to that of the flash. Memory stored in NVRAM does not get lost when the power is cycled on the device. On a switch, the NVRAM stores the VLAN configuration, system configuration, SNMP parameters, STP configuration, and configuration of each port.

Open Systems Interconnection (OSI) Model
A seven-layer model created by the ISO to standardize and explain the interactions of networking protocols.

over subscription
A condition in which the total bandwidth of the ports is greater than the capacity of the switching fabric. Also referred to as a blocking architecture.

Packet InterNET Groper (PING)
A TCP/IP protocol-stack utility that works with Internet Control Message Protocol and uses an echo request and reply to test connectivity to other systems.

password
A set of characters used with a username to authenticate a user on the network and to provide the user with rights and permissions to files and resources.

patch panel
A device where the wiring used in coaxial or twisted-pair networks converges in a central location and is then connected to the back of the panel.

peer-to-peer networking
A network environment without dedicated servers, where communication occurs between similarly capable network nodes that act as both client and server.

permissions
Authorization provided to users, allowing them to access objects on the network. The network administrators generally assign permissions. Slightly different from but often used with rights.

physical addressing scheme
Refers to the MAC address on every network card manufactured. Cannot be changed.

physical layer
Bottom layer (Layer 1) of the OSI Reference Model, where all physical connectivity is defined.

Plug and Play
Architecture designed to allow hardware devices to be detected by the operating system and for the driver to be automatically loaded.

Point-To-Point Protocol (PPP)
A common dial-up networking protocol that includes provisions for security and protocol negotiation and provides host-to-network and switch-to-switch connections for one or more user sessions. The common modem connection used for Internet dialup.

Point-To-Point Tunneling Protocol (PPTP)
A protocol that encapsulates private network data in IP packets.
These packets are transmitted over synchronous and asynchronous circuits to hide the underlying routing and switching infrastructure of the Internet from both senders and receivers.

polling
The media-access method for transmitting data, in which a controlling device is used to contact each node to determine if it has data to send.

presentation layer
Layer 6 of the OSI Reference Model. Prepares information to be used by the application layer.

proprietary
A standard or specification that is created by a manufacturer, vendor, or other private enterprise and is not always a recognized standard.

protocol
A set of rules that govern network communications between networks, computers, peripherals, and operating systems.

Protocol Identification field
In a frame, a five-byte field used to identify to the destination node the protocol that is being used in the data transmission.

quality of service (QoS)
A guarantee of a particular level of service for a connection. QoS uses queuing and other methods to guarantee that bandwidth is available for a certain protocol, application, or address. QoS is important for implementing applications such as voice and video.

queuing
Another term for QoS. Using buffering and priority control mechanisms to control data congestion on the network.

read/writes
The counting of packets on the ingress (read) as well as the egress (write) from the switching fabric.

remote services
Services where the device supplying the services resides on a separate subnet from the device requesting the services.

repeater
A device that regenerates and retransmits the signal on a network. Generally used to strengthen signals going long distances.

Request for Comments (RFC)
Method used to post documents regarding networking or Internet-related standards or ideas. Some have been adopted and accepted by the Internet Architecture Board as standards.

resource node
An interface on the network that provides a service for a demand node.
Resource nodes can be such items as servers and printers. Incorrect placement of your resource networks can have terrible effects on your network.

rights
Authorization provided to users, allowing them to perform certain tasks. The network administrators generally assign rights. Slightly different from but often used with permissions.

RJ-11 connector
Used with telephone systems; can have either four or six conductors. A red/green pair of wires is used for voice and data; a black/white pair is used for low-voltage signals.

RJ-45 connector
An Ethernet cable connector used with twisted-pair cable, which can support eight conductors for four pairs of wires.

Routing Information Protocol (RIP)
Protocol that uses hop counts as a routing metric to control the direction and flow of packets between routers and switches on an internetwork.

server
A resource node that fulfills service requests for demand nodes. Usually referred to by the type of service it performs, such as file server, email server, or print server.

service access point (SAP)
A field in a frame that tells the receiving host which protocol the frame is intended for.

session
The dialog that exists between two computers.

session layer
The fifth layer of the OSI Reference Model, which establishes, manages, and terminates sessions between applications on different nodes.

shielded twisted-pair (STP)
Twisted-pair network cable that has shielding to insulate the cable from electromagnetic interference.

Simple Network Management Protocol (SNMP)
A protocol used almost exclusively with TCP/IP networks to provide network devices with a method to monitor and control network devices. It is used to manage configurations, statistics collection, performance, and security, and to report network management information to a management console that is a member of the same community.

Simple Network Management Protocol (SNMP) trap
An SNMP protocol utility that sends out an alarm in an identified community notifying members of the community that some network activity differs from the established threshold, as defined by the administrator.

smart bridge
Also known as a learning bridge. A bridge that builds its own bridging address table--no manual configuration or intervention is required.

socket
A logical interprocess communications mechanism through which a program communicates with another program or with a network.

socket identifier
Also known as a socket number. An 8-bit number used to identify the socket. Developers and designers of services and protocols usually assign socket identifiers.

source address
The address of the host that sent the frame. It is contained in the frame so the destination node knows who sent the data.

static IP addresses
IP addresses that are assigned to each network device individually; often referred to as hard-coded.

static VLAN port
A port on a switch manually assigned a VLAN number. Any node or interface connected to the port automatically becomes a member of the assigned VLAN.

storage area network (SAN)
A subnetwork of storage devices, usually found on high-speed networks and shared by all servers on the network.

subnet mask
A 32-bit address that is used to mask or "screen" a portion of the IP address to differentiate the part of the address that designates the network and the part that designates the host.

subnetting
The process of dividing your assigned IP address range into smaller clusters of hosts.

supernetting
Aggregating IP network addresses and advertising them as a single classless network address.

switch
A Layer 2 networking device that forwards frames based on destination addresses.

switch block
Switching devices located in wiring closets, requiring high-speed uplinks and redundancy.

syslog
Messages sent to a remote machine regarding the switch system configuration, such as software and configuration changes.

T1
Digital WAN carrier facility that transmits DS-1-formatted data at 1.544Mbps through the telephone switching network, using AMI or B8ZS coding.

TACACS+
A security feature that uses an MD5 encrypted algorithm to enforce strict authentication controls. It requires both a user name and password, allowing administrators to better track network usage and changes based on user accounts.

TCP/IP
See Transmission Control Protocol/Internet Protocol.

Telecommunications Industry Association (TIA)
An organization that develops standards--with the EIA (Electronics Industries Association)--for telecommunications technologies.

Telnet
Standard terminal-emulation protocol in the TCP/IP protocol stack. It is used to perform terminal emulation over TCP/IP via remote terminal connections, enabling users to log in to remote systems and use resources as if they were connected to a local system.

topology
The shape or layout of a physical network and the flow of data through the network.

Transmission Control Protocol (TCP)
Part of the TCP/IP protocol stack. A connection-oriented, reliable data-transmission communication service that operates at the OSI transport layer.

Transmission Control Protocol/Internet Protocol (TCP/IP)
The suite of protocols combining TCP and IP, developed to support the construction of worldwide internetworks. See Transmission Control Protocol and Internet Protocol.

Transmission Control Protocol/Internet Protocol (TCP/IP) socket
A socket, or connection to an endpoint, used in TCP/IP communication transmissions.

transmit
The process of sending data using light, electronic, or electric signals. In networking, this is usually done in the form of digital signals composed of bits.

transport layer
Layer 4 of the OSI Reference Model; controls the flow of information.

Trivial File Transfer Protocol (TFTP)
A simplified version of FTP, allowing files to be transferred over a network from one computer to another. Also used to install the Cisco IOS on an IOS-based switch, router, or GSR.

trunk link
A special type of VLAN connection. Unlike a user port, trunk links expect the device at the other end of the connection to understand the inserted frame tags. Standard Ethernet and Token Ring cards do not understand frame tags.

twisted-pair
A type of cable that uses multiple twisted pairs of copper wire.

unicast
A frame in which the destination MAC address specifies the single computer of destination. Summarized as direct network traffic between two individual nodes.

unshielded twisted-pair (UTP)
A type of cable that uses multiple twisted pairs of copper wire in a casing that does not provide much protection from EMI. The most common network cable in Ethernet networks, it is rated in five categories.

User Access Control (UAC)
A set of user policies created to determine the security options in Windows Vista and Windows 7.

User Datagram Protocol (UDP)
A communications protocol that provides connectionless, unreliable communications services and operates at the transport layer of the OSI model. It requires a transmission protocol such as IP to guide it to the destination host.

user interface (UI)
The graphical application that users interact with at the Application layer.

User to Network Interface (UNI)
An interface that provides a connection between an ATM end-station interface and an ATM switch interface.

Virtual desktop infrastructure (VDI)
Improves a user's experience with multimon and microphone support, and provides the ability to reuse virtual hard drive (VHD) images to boot a physical PC.

virtual LAN (VLAN)
Allows a network administrator to divide a bridged network into several broadcast domains. Each VLAN is considered its own separate subnet, and Layer 3 routing is still required to route between VLANs.
VLANs can be based on the port identifier of the switch, the MAC address, Layer 3 addressing, directory information, or application information. VLANs can be implemented on different media types such as Ethernet, FDDI, Token Ring, or ATM. The benefits of VLANs are limited broadcast domains, added security, and redundancy.

virtual private network (VPN)
A network that uses a public network such as the Internet as a backbone to connect two or more private networks. Provides users with the equivalent of a private network in terms of security.

VLAN Trunking Protocol (VTP)
A protocol used to enhance and configure the extension of broadcast domains across multiple switches. VTP dynamically reports the addition of VLANs throughout the switched network, in turn creating a consistent switched network.

wide area network (WAN)
Data communications network that serves users across a broad geographical area. Often uses transmission devices such as modems and Channel Service Units/Data Service Units (CSU/DSU) to carry signals over leased lines or common carrier lines.

Windows Display Driver Model (WDDM)
Windows protocol for the design of display adapters which will allow special graphic functions such as Windows Aero in Windows Vista and Windows 7.

window flow control
A flow-control method in which the receiving host buffers the data it receives and holds it in the buffer until it can be processed. After it is processed, an acknowledgment is sent to the sender.

Other titles from MediaWorks Publishing

Windows 7 Professional The Little Black Book
By: Randy Bankofier

Search Engine Optimization (SEO) For 2010
By: Sean Odom